From patchwork Mon Dec 17 06:05:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Hu, Jiayu" X-Patchwork-Id: 48967 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A87A61B7F2; Mon, 17 Dec 2018 07:06:09 +0100 (CET) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 3DFB91B732; Mon, 17 Dec 2018 07:06:07 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Dec 2018 22:06:06 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,364,1539673200"; d="scan'208";a="260030919" Received: from dpdk15.sh.intel.com ([10.67.111.146]) by orsmga004.jf.intel.com with ESMTP; 16 Dec 2018 22:06:05 -0800 From: Jiayu Hu To: dev@dpdk.org Cc: Jiayu Hu , stable@dpdk.org Date: Mon, 17 Dec 2018 14:05:39 +0800 Message-Id: <1545026739-71980-1-git-send-email-jiayu.hu@intel.com> X-Mailer: git-send-email 2.7.4 Subject: [dpdk-dev] [PATCH] gro: fix overflow of payload length calculation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When the packet length is smaller than the header length, the calculated payload length will be overflowed and result in incorrect reassembly behaviors. Fixes: 1e4cf4d6d4fb ("gro: cleanup") Fixes: 9e0b9d2ec0f4 ("gro: support VxLAN GRO") Cc: stable@dpdk.org Signed-off-by: Jiayu Hu --- lib/librte_gro/gro_tcp4.c | 3 ++- lib/librte_gro/gro_vxlan_tcp4.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/librte_gro/gro_tcp4.c b/lib/librte_gro/gro_tcp4.c index 2c0f35c..2fe9aab 100644 --- a/lib/librte_gro/gro_tcp4.c +++ b/lib/librte_gro/gro_tcp4.c @@ -198,7 +198,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt, struct ipv4_hdr *ipv4_hdr; struct tcp_hdr *tcp_hdr; uint32_t sent_seq; - uint16_t tcp_dl, ip_id, hdr_len, frag_off; + int32_t tcp_dl; + uint16_t ip_id, hdr_len, frag_off; uint8_t is_atomic; struct tcp4_flow_key key; diff --git a/lib/librte_gro/gro_vxlan_tcp4.c b/lib/librte_gro/gro_vxlan_tcp4.c index ca86f01..955ae4b 100644 --- a/lib/librte_gro/gro_vxlan_tcp4.c +++ b/lib/librte_gro/gro_vxlan_tcp4.c @@ -295,7 +295,8 @@ gro_vxlan_tcp4_reassemble(struct rte_mbuf *pkt, struct udp_hdr *udp_hdr; struct vxlan_hdr *vxlan_hdr; uint32_t sent_seq; - uint16_t tcp_dl, frag_off, outer_ip_id, ip_id; + int32_t tcp_dl; + uint16_t frag_off, outer_ip_id, ip_id; uint8_t outer_is_atomic, is_atomic; struct vxlan_tcp4_flow_key key;