From: Rich Lane
To: Yuanhan Liu
Cc: dev@dpdk.org
Date: Tue, 17 Nov 2015 21:26:57 -0800
Subject: Re: [dpdk-dev] [PATCH] vhost: avoid buffer overflow in update_secure_len
List-Id: patches and discussions about DPDK

On Tue, Nov 17, 2015 at 6:56 PM, Yuanhan Liu wrote:

> @@ -519,6 +526,8 @@ virtio_dev_merge_rx(struct virtio_net *dev, uint16_t > queue_id, > goto merge_rx_exit; > } else { > update_secure_len(vq, res_cur_idx, > &secure_len, &vec_idx); > + if (secure_len == 0) > + goto merge_rx_exit; > res_cur_idx++; > } > } while (pkt_len > secure_len); >

I think this needs to check whether secure_len was modified. secure_len is read-write and could have a nonzero value going into the call. It could be cleaner to give update_secure_len a return value saying whether it was able to reserve any buffers.

Otherwise looks good, thanks!
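
Review bot: The added `if (secure_len == 0)` test after `update_secure_len(vq, res_cur_idx, &secure_len, &vec_idx)` only catches a failed reservation on the first pass through the loop. secure_len is passed by pointer and the loop runs until `pkt_len > secure_len` is false, so the value carries over from one iteration to the next; on any later pass it is already nonzero and a call that reserved nothing falls through to `res_cur_idx++`. Compare against a copy of secure_len taken just before the call, or have update_secure_len return whether it reserved a buffer and branch on that. A one-line comment on the new exit path saying what condition it guards against would also help, since the hunk does not show why zero means failure.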