From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id D37BDA0096 for ; Tue, 9 Apr 2019 08:40:38 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0742F4D3A; Tue, 9 Apr 2019 08:40:37 +0200 (CEST) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) by dpdk.org (Postfix) with ESMTP id 568074D27 for ; Tue, 9 Apr 2019 08:40:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1182; q=dns/txt; s=iport; t=1554792035; x=1556001635; h=from:to:cc:subject:date:message-id; bh=6goqWIiokqzSs2eCLAm8vA4pdzzOeH4/u2GfcKqUOME=; b=Cw2bFAZ2Wp1e4N/l4FmTt81Zxlpqwt1wI2mm5hTKpgEC63ChS4kFukia pKtfEjx6Bv0LEMh7edPNO5MJ6LTxj+s54kzFygxNqp+Qenj8JfWBTSmXg AfxaPdlJsztQunSVbWQIVydNnR01PQTXe9U2NTtcQQ7oh69Jyfh/gj5Pa k=; X-IronPort-AV: E=Sophos;i="5.60,328,1549929600"; d="scan'208";a="257612019" Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Apr 2019 06:40:34 +0000 Received: from cisco.com (savbu-usnic-a.cisco.com [10.193.184.48]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTP id x396eXEE013390; Tue, 9 Apr 2019 06:40:34 GMT Received: by cisco.com (Postfix, from userid 508933) id CB9FB20F2001; Mon, 8 Apr 2019 23:40:33 -0700 (PDT) From: Hyong Youb Kim To: Ferruh Yigit Cc: dev@dpdk.org, John Daley , Hyong Youb Kim Date: Mon, 8 Apr 2019 23:40:26 -0700 Message-Id: <20190409064026.13646-1-hyonkim@cisco.com> X-Mailer: git-send-email 2.16.2 X-Outbound-SMTP-Client: 10.193.184.48, savbu-usnic-a.cisco.com X-Outbound-Node: alln-core-5.cisco.com Subject: [dpdk-dev] [PATCH] net/enic: fix raw item length check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Content-Type: text/plain; charset="UTF-8" Message-ID: <20190409064026.t07o-J7LT9QqEEDjtYQqGuV7_q6Ni6o1TlbT3smhWVI@z> Currently, the raw item is always preceeded by a UDP header, and both land in the L4 pattern buffer. So consider the UDP header size when checking if the raw spec fits in the L4 buffer. Coverity issue: 336796 Coverity issue: 336850 Fixes: 477959e6eeb0 ("net/enic: enable limited support for raw flow item") Signed-off-by: Hyong Youb Kim Reviewed-by: John Daley --- drivers/net/enic/enic_flow.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/enic/enic_flow.c b/drivers/net/enic/enic_flow.c index 5924a01e3..32ebeff09 100644 --- a/drivers/net/enic/enic_flow.c +++ b/drivers/net/enic/enic_flow.c @@ -967,7 +967,8 @@ enic_copy_item_raw_v2(struct copy_item_args *arg) if (!spec->relative || spec->offset != 0 || spec->search || spec->limit) return EINVAL; /* Need non-null pattern that fits within the NIC's filter pattern */ - if (spec->length == 0 || spec->length > FILTER_GENERIC_1_KEY_LEN || + if (spec->length == 0 || + spec->length + sizeof(struct udp_hdr) > FILTER_GENERIC_1_KEY_LEN || !spec->pattern || !mask->pattern) return EINVAL; /* -- 2.16.2