From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f174.google.com (mail-wr0-f174.google.com [209.85.128.174]) by dpdk.org (Postfix) with ESMTP id 0673E1B3E3 for ; Thu, 2 Nov 2017 13:03:27 +0100 (CET) Received: by mail-wr0-f174.google.com with SMTP id p96so4770767wrb.7 for ; Thu, 02 Nov 2017 05:03:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QK1ZAUaRXt42aoQBDpCxekQmkiOt3kw+xbWDc0cR1rQ=; b=aOTuBYJVnDh9edJGIgCgbHHydvF3FHqVMetzLHxzjRqAuholWQmTA9bI4WKChC47gP k9AZol3VyEspodoPmZ3bwyHYAsFRoVXyGfdUPMNHm93MvszShiu+bfljNsJvPkpz2GUm GuAhpLi8ujmb2IgVfJxDus26njKZxcAMkyBytrrBfhzzCVJdd1iNNSKrvLctvdOpm1Pl WMrYQeSys6v7zOJaWefi6nZL7/51QdjOtxotL6CQgs17pTA0mU6U1xytVN4g9TDfe15X lusXj9vg8ZX4XId4nrIi+gHRmqo9v8wH6c3vwJ/Ho1P5neJBGeNlIHu5tqCM+iPnSD3w qAtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QK1ZAUaRXt42aoQBDpCxekQmkiOt3kw+xbWDc0cR1rQ=; b=DbfvjXpZPF1hIGeUkl6CTz/5XtOOJXT4itRTeiH75NhBuB/hI3oxs8UBOEnmcSmNjS M26HAibwdTfPERwjOccJwgbVEhJGZD+MWwqykVNV2DPY6OE3sKC5ysWy1XNz+BvW/kfg GcaErmp7v51QFUkfYf42ltKZp8vNMTr5QtKKGrA4aAV5rz6OuAXG24T0eU6NBSOwRYdR U3patw513Jghx92DjrkztSmtppyMoSdD4xE2tX379amuCgKf3+8YALAm7B6D4rJ0uyB2 Ia1ESXopWJ0irKFdePvgYrGhTxnOeCc5Iw+eVjRw4loM1sEGbFI4K4Q1blSSrnEQ6A7R aShQ== X-Gm-Message-State: AMCzsaWayTw+LPIbX1QaK5E11iJyrft6UKGgx45A0QY3xsZlAvHT11c1 E2Q2Y2xltJlSXHbh86MR6RM= X-Google-Smtp-Source: ABhQp+RXdPDOma/jbqukdFMX4S0SJiUzEQUrxpZ2SwuX5uAzkcaO479dKdhx9wKS0g426L6Xd1ev9A== X-Received: by 10.223.145.166 with SMTP id 35mr2537791wri.51.1509624206741; Thu, 02 Nov 2017 05:03:26 -0700 (PDT) Received: from localhost ([2a00:23c5:bef3:400:4a51:b7ff:fe0b:4749]) by smtp.gmail.com with ESMTPSA id c82sm1751204wme.20.2017.11.02.05.03.25 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 02 Nov 2017 05:03:26 -0700 (PDT) From: luca.boccassi@gmail.com To: Tomasz Duszynski Cc: Sergio Gonzalez Monroy , Aviad Yehezkel , dpdk stable Date: Thu, 2 Nov 2017 12:02:34 +0000 Message-Id: <20171102120247.10565-5-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20171102120247.10565-1-luca.boccassi@gmail.com> References: <20171030153511.13322-1-luca.boccassi@gmail.com> <20171102120247.10565-1-luca.boccassi@gmail.com> Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix IP version check' has been queued to LTS release 16.11.4 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Nov 2017 12:03:27 -0000 Hi, FYI, your patch has been queued to LTS release 16.11.4 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/04/17. So please shout if anyone has objections. Thanks. Kind regards, Luca Boccassi --- >>From 2961139beccc412b9082946e660d369e3a6859e2 Mon Sep 17 00:00:00 2001 From: Tomasz Duszynski Date: Fri, 13 Oct 2017 14:50:09 +0200 Subject: [PATCH] examples/ipsec-secgw: fix IP version check [ upstream commit 3417350e7f1726d6495e0d85e2212f6d4f959e4e ] Since new_ip and ip4 are overlapping buffers copying ip4 over new_ip using memmove() might overwrite memory at ip4. This could happen if following condition holds: ip_hdr_len > sizeof(struct esp_hdr) + sa->iv_len Thus using ip4 to check ip version is wrong as it might not contain proper value. Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode") Signed-off-by: Tomasz Duszynski Acked-by: Sergio Gonzalez Monroy Reviewed-by: Aviad Yehezkel --- examples/ipsec-secgw/esp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index ec5a2e627..c5f30f7d9 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -294,8 +294,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, sizeof(struct esp_hdr) + sa->iv_len); memmove(new_ip, ip4, ip_hdr_len); esp = (struct esp_hdr *)(new_ip + ip_hdr_len); + ip4 = (struct ip *)new_ip; if (likely(ip4->ip_v == IPVERSION)) { - ip4 = (struct ip *)new_ip; ip4->ip_p = IPPROTO_ESP; ip4->ip_len = htons(rte_pktmbuf_data_len(m)); } else { -- 2.11.0