From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id AF4CDA00E6 for ; Thu, 11 Jul 2019 14:35:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0EBAA2E81; Thu, 11 Jul 2019 14:35:15 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 88E6F2E81 for ; Thu, 11 Jul 2019 14:35:13 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jul 2019 05:35:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,478,1557212400"; d="scan'208";a="156807792" Received: from silpixa00399752.ir.intel.com (HELO silpixa00399752.ger.corp.intel.com) ([10.237.223.78]) by orsmga007.jf.intel.com with ESMTP; 11 Jul 2019 05:35:11 -0700 From: Ferruh Yigit To: dev@dpdk.org Cc: Yangchao Zhou Date: Thu, 11 Jul 2019 13:35:07 +0100 Message-Id: <20190711123508.45219-1-ferruh.yigit@intel.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] kni: fix possible buffer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 'kni_net_rx_lo_fifo()' can get segmented buffers, using 'pkt_len' for that case will be wrong and some values can cause buffer overflow in destination mbuf data. Signed-off-by: Ferruh Yigit --- kernel/linux/kni/kni_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c index ad8365877..84341ac92 100644 --- a/kernel/linux/kni/kni_net.c +++ b/kernel/linux/kni/kni_net.c @@ -435,7 +435,7 @@ kni_net_rx_lo_fifo(struct kni_dev *kni) /* Copy mbufs */ for (i = 0; i < num; i++) { kva = pa2kva(kni->pa[i]); - len = kva->pkt_len; + len = kva->data_len; data_kva = kva2data_kva(kva); kni->va[i] = pa2va(kni->pa[i], kva); -- 2.21.0