DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer
@ 2020-11-05 20:46 Ivan Malov
  2020-11-06 15:48 ` Ferruh Yigit
  0 siblings, 1 reply; 2+ messages in thread
From: Ivan Malov @ 2020-11-05 20:46 UTC (permalink / raw)
  To: dev; +Cc: Andy Moreton, Andrew Rybchenko

Existing field ID validity check does not validate the field
descriptor availability. Make it more rigorous to avoid
reading past the buffer containing field descriptors.

Coverity issue: 363742
Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")

Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
---
 drivers/common/sfc_efx/base/efx_mae.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c
index af9a5189c..ee0a3d319 100644
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -622,25 +622,30 @@ efx_mae_match_spec_field_set(
 	__in_bcount(mask_size)		const uint8_t *mask)
 {
 	const efx_mae_mv_desc_t *descp;
+	unsigned int desc_set_nentries;
 	uint8_t *mvp;
 	efx_rc_t rc;
 
-	if (field_id >= EFX_MAE_FIELD_NIDS) {
-		rc = EINVAL;
-		goto fail1;
-	}
-
 	switch (spec->emms_type) {
 	case EFX_MAE_RULE_OUTER:
+		desc_set_nentries =
+		    EFX_ARRAY_SIZE(__efx_mae_outer_rule_mv_desc_set);
 		descp = &__efx_mae_outer_rule_mv_desc_set[field_id];
 		mvp = spec->emms_mask_value_pairs.outer;
 		break;
 	case EFX_MAE_RULE_ACTION:
+		desc_set_nentries =
+		    EFX_ARRAY_SIZE(__efx_mae_action_rule_mv_desc_set);
 		descp = &__efx_mae_action_rule_mv_desc_set[field_id];
 		mvp = spec->emms_mask_value_pairs.action;
 		break;
 	default:
 		rc = ENOTSUP;
+		goto fail1;
+	}
+
+	if (field_id >= desc_set_nentries) {
+		rc = EINVAL;
 		goto fail2;
 	}
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-11-06 15:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-05 20:46 [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer Ivan Malov
2020-11-06 15:48 ` Ferruh Yigit

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git