From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <aviadye@dev.mellanox.co.il>
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65])
 by dpdk.org (Postfix) with ESMTP id 7ADD01B677
 for <dev@dpdk.org>; Mon, 16 Oct 2017 12:43:22 +0200 (CEST)
Received: by mail-wm0-f65.google.com with SMTP id m72so1781985wmc.1
 for <dev@dpdk.org>; Mon, 16 Oct 2017 03:43:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=dev-mellanox-co-il.20150623.gappssmtp.com; s=20150623;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-transfer-encoding:content-language;
 bh=MnCi7oqVcABuTHzYeAbMFRQd+pXtLNQ1Kb1lZw85da8=;
 b=WgvUtTHyyEoM78CBYgZfi+ygQ3IiqmPaLroioyA5LMrWxQWbgeYXey+qfwWu9bg4Ab
 mLfiGcRb4YDgXfNjNPWeceiMuZIAxPbaOxTALtIzwfz6IjSKZCJPO8Pv5zJs23uiXhZi
 DZKT1rraKUvMpd1uN1CDzd+qPG9oMTwyRVO66HIBFWtt3gqFQxYc00+YlUXr9wj7RZMU
 AfJvXVlKvk8l7Gtcg15oLuzOHp05tNdzw/V0iosbv2o+Dh0WC5tHW4AUYUKrSzCJsl1H
 fp0vPtK+ogkv4M1OlYxEl4sT4Ho50gwyC44JTkVyQkxRmjzt8Z2Ev0Ss0QnQ5GnkgGuI
 nx8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-transfer-encoding
 :content-language;
 bh=MnCi7oqVcABuTHzYeAbMFRQd+pXtLNQ1Kb1lZw85da8=;
 b=DT0rZQy1VLvbgKUcA01aZGTYn6GVpt6caFD9A6j/FJ5ezJxf92u0wgvGuMENWSEug2
 P2j0FzD5YbXz4D3SgEbX3b3CR7tUfXBySZUWYA351NptCNcaKU+RMTgHkYNtCEWRllOJ
 V1n2C1nYs5T5slA+au4dTAWljCyTRWPm5kZYaWO3sqRisDuDt1i3XYW2jkqA32HQL9mw
 6qN9o69iDSAwi5PV8hFVgvM+lLPWMbcpPQAIKeXDHk/R4HTxZ2Uu9D0vZ/bFyoNpf+6N
 fU2HrndlBLjgpLIfed7qifAKmSNcgNaXe6eEg/ZE2gRiOZmScuN3o3DNumcRlbBOROI/
 j5yQ==
X-Gm-Message-State: AMCzsaUr4A0FCsRAsNT/uwPUk0QOfNOUi9/Y2H0jMpqaDlGqJR7gZTwp
 1gr/ht3boNoP5vc8jrahhQE5iA==
X-Google-Smtp-Source: ABhQp+R8ILu8PSNL8bCJ8SNXHHpVRzGiiSgsGf3+uNG8ZfwzBp5FprkthG+RvRIZ1kCUg3RvIYeN6w==
X-Received: by 10.28.238.73 with SMTP id m70mr470340wmh.23.1508150602041;
 Mon, 16 Oct 2017 03:43:22 -0700 (PDT)
Received: from [10.0.38.219] ([193.47.165.251])
 by smtp.gmail.com with ESMTPSA id 25sm5851916wrv.8.2017.10.16.03.43.20
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 16 Oct 2017 03:43:21 -0700 (PDT)
To: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>,
 Tomasz Duszynski <tdu@semihalf.com>, dev@dpdk.org
Cc: stable@dpdk.org
References: <1507899009-20393-1-git-send-email-tdu@semihalf.com>
 <89f28ab9-22c1-977e-c986-d691408d9a78@intel.com>
From: Aviad Yehezkel <aviadye@dev.mellanox.co.il>
Message-ID: <a22147bb-8eb5-a09b-876a-4330fbe6552f@dev.mellanox.co.il>
Date: Mon, 16 Oct 2017 13:43:20 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <89f28ab9-22c1-977e-c986-d691408d9a78@intel.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix ip version check
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 10:43:22 -0000

Reviewed-by: Aviad Yehezkel <aviadye@mellanox.com>


On 10/16/2017 12:56 PM, Sergio Gonzalez Monroy wrote:
> On 13/10/2017 13:50, Tomasz Duszynski wrote:
>> Since new_ip and ip4 are overlapping buffers copying ip4 over new_ip
>> using memmove() might overwrite memory at ip4. This could happen if
>> following condition holds:
>>
>> ip_hdr_len > sizeof(struct esp_hdr) + sa->iv_len
>>
>> Thus using ip4 to check ip version is wrong as it might not contain
>> proper value.
>>
>> Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
>> ---
>>   examples/ipsec-secgw/esp.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>> index 2897840..063e63f 100644
>> --- a/examples/ipsec-secgw/esp.c
>> +++ b/examples/ipsec-secgw/esp.c
>> @@ -307,8 +307,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa 
>> *sa,
>>                   sizeof(struct esp_hdr) + sa->iv_len);
>>           memmove(new_ip, ip4, ip_hdr_len);
>>           esp = (struct esp_hdr *)(new_ip + ip_hdr_len);
>> +        ip4 = (struct ip *)new_ip;
>>           if (likely(ip4->ip_v == IPVERSION)) {
>> -            ip4 = (struct ip *)new_ip;
>>               ip4->ip_p = IPPROTO_ESP;
>>               ip4->ip_len = htons(rte_pktmbuf_data_len(m));
>>           } else {
>
> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
>