[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v5 5/7] net/eth: Check iovec has enough data earlier
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH v5 5/7] net/eth: Check iovec has enough data earlier |
Date: |
Wed, 10 Mar 2021 18:57:18 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 |
On 3/10/21 5:53 PM, Stefano Garzarella wrote:
> On Wed, Mar 10, 2021 at 05:01:33PM +0100, Philippe Mathieu-Daudé wrote:
>> We want to check fields from ip6_ext_hdr_routing structure
>> and if correct read the full in6_address. Let's directly check
>> if our iovec contains enough data for everything, else return
>> early.
>>
>> Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>> net/eth.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/eth.c b/net/eth.c
>> index e870d02b0df..28cdc843a69 100644
>> --- a/net/eth.c
>> +++ b/net/eth.c
>> @@ -409,7 +409,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt,
>> int pkt_frags,
>> size_t input_size = iov_size(pkt, pkt_frags);
>> size_t bytes_read;
>>
>> - if (input_size < ext_hdr_offset + sizeof(*ext_hdr)) {
>> + if (input_size < ext_hdr_offset + sizeof(*rthdr) +
>> sizeof(*dst_addr)) {
>> return false;
>> }
>
> If you have to respin, maybe we should also fix the offset in
> iov_to_buf() in this patch and queue it for stable:
>
> @@ -415,7 +415,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt,
> int pkt_frags,
>
> if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
> bytes_read = iov_to_buf(pkt, pkt_frags,
> - ext_hdr_offset + sizeof(*ext_hdr),
> + ext_hdr_offset + sizeof(*rthdr),
> dst_addr, sizeof(*dst_addr));
Oh, so we always screwed the address by 4 bytes...
This code never worked correctly :(
>
> return bytes_read == sizeof(*dst_addr);
>
> Otherwise:
>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
>
- [PATCH v5 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr(), Philippe Mathieu-Daudé, 2021/03/10
- [PATCH v5 1/7] net/eth: Simplify _eth_get_rss_ex_dst_addr(), Philippe Mathieu-Daudé, 2021/03/10
- [PATCH v5 2/7] net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH v5 4/7] net/eth: Check the size earlier, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH v5 3/7] net/eth: Make ip6_ext_hdr *ext_hdr pointer to const, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH v5 5/7] net/eth: Check iovec has enough data earlier, Philippe Mathieu-Daudé, 2021/03/10
[PATCH v5 7/7] net/eth: Add an assert() and invert if() statement to simplify code, Philippe Mathieu-Daudé, 2021/03/10
[PATCH v5 6/7] net/eth: Read ip6_ext_hdr_routing buffer before accessing it, Philippe Mathieu-Daudé, 2021/03/10