examples/ipsec-secgw: fix flow pattern buffer overrun
Checks
Commit Message
From: Satheesh Paul <psatheesh@marvell.com>
This patch fixes the patterns buffer overrun issue reported
by Coverity.
Coverity issue: 379236
Fixes: 8d0cdaa2d7 ("examples/ipsec-secgw: support mark and security flow action")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Akhil Goyal <gakhil@marvell.com>
---
examples/ipsec-secgw/flow.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Comments
> From: Satheesh Paul <psatheesh@marvell.com>
>
> This patch fixes the patterns buffer overrun issue reported
> by Coverity.
>
> Coverity issue: 379236
> Fixes: 8d0cdaa2d7 ("examples/ipsec-secgw: support mark and security flow
> action")
Fixes tag is not correct.
Changed to: b3a4baf87f44 ("examples/ipsec-secgw: support more flow patterns and actions")
While merging.
> Cc: stable@dpdk.org
>
> Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
> Reviewed-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto
@@ -270,7 +270,7 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens,
nb_flow_rule++;
}
-#define MAX_RTE_FLOW_PATTERN (4)
+#define MAX_RTE_FLOW_PATTERN (5)
#define MAX_RTE_FLOW_ACTIONS (5)
static void
@@ -334,9 +334,7 @@ flow_init_single(struct flow_rule_entry *rule)
pattern[pattern_idx].spec = &rule->ipv4.spec;
pattern[pattern_idx].mask = &rule->ipv4.mask;
pattern_idx++;
- }
-
- if (rule->is_ipv6) {
+ } else if (rule->is_ipv6) {
pattern[pattern_idx].type = RTE_FLOW_ITEM_TYPE_IPV6;
pattern[pattern_idx].spec = &rule->ipv6.spec;
pattern[pattern_idx].mask = &rule->ipv6.mask;