diff mbox series

[v2,1/4] ip_frag: ensure minimum v4 fragmentation length

Message ID 20200401131849.2209336-2-aconole@redhat.com (mailing list archive)
State Superseded, archived
Delegated to: Thomas Monjalon
Headers show
Series ip_frag: add a unit test for fragmentation | expand


Context Check Description
ci/iol-testing success Testing PASS
ci/Intel-compilation fail Compilation issues
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance fail Performance Testing issues
ci/checkpatch success coding style OK

Commit Message

Aaron Conole April 1, 2020, 1:18 p.m. UTC
The IPv4 specification says that each fragment must at least the size of
an IP header plus 8 octets.  When attempting to run ipfrag using a
smaller size, the fragment library will return successful completion,
even though it is a violation of RFC791 (and updates).

Signed-off-by: Aaron Conole <aconole@redhat.com>
 lib/librte_ip_frag/rte_ipv4_fragmentation.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series


diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
index 9e9f986cc5..4baaf6355c 100644
--- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c
+++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
@@ -76,6 +76,12 @@  rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 	uint16_t fragment_offset, flag_offset, frag_size;
 	uint16_t frag_bytes_remaining;
+	/*
+	 * Ensure the IP fragmentation size is at least iphdr length + 8 octets
+	 */
+	if (unlikely(mtu_size < (sizeof(struct rte_ipv4_hdr) + 8*sizeof(char))))
+		return -EINVAL;
 	 * Ensure the IP payload length of all fragments is aligned to a
 	 * multiple of 8 bytes as per RFC791 section 2.3.