diff mbox series

examples/ipsec-secgw: fix flow pattern buffer overrun

Message ID	20220803092537.2205277-1-psatheesh@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: <psatheesh@marvell.com> To: Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal <gakhil@marvell.com> CC: <dev@dpdk.org>, Satheesh Paul <psatheesh@marvell.com>, <stable@dpdk.org> Subject: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix flow pattern buffer overrun Date: Wed, 3 Aug 2022 14:55:37 +0530 Message-ID: <20220803092537.2205277-1-psatheesh@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	examples/ipsec-secgw: fix flow pattern buffer overrun \| examples/ipsec-secgw: fix flow pattern buffer overrun

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/intel-Testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/github-robot: build	success	github build: passed

Commit Message

Satheesh Paul Antonysamy Aug. 3, 2022, 9:25 a.m. UTC

  From: Satheesh Paul <psatheesh@marvell.com>

This patch fixes the patterns buffer overrun issue reported
by Coverity.

Coverity issue: 379236
Fixes: 8d0cdaa2d7 ("examples/ipsec-secgw: support mark and security flow action")
Cc: stable@dpdk.org

Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Akhil Goyal <gakhil@marvell.com>
---
 examples/ipsec-secgw/flow.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Comments

Akhil Goyal Aug. 28, 2022, 8:47 a.m. UTC | #1

> From: Satheesh Paul <psatheesh@marvell.com>
> 
> This patch fixes the patterns buffer overrun issue reported
> by Coverity.
> 
> Coverity issue: 379236
> Fixes: 8d0cdaa2d7 ("examples/ipsec-secgw: support mark and security flow
> action")

Fixes tag is not correct.
Changed to: b3a4baf87f44 ("examples/ipsec-secgw: support more flow patterns and actions")
While merging.
> Cc: stable@dpdk.org
> 
> Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
> Reviewed-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto

diff mbox series

Patch

diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c
index aee97b2fc4..9b18be83af 100644
--- a/examples/ipsec-secgw/flow.c
+++ b/examples/ipsec-secgw/flow.c
@@ -270,7 +270,7 @@  parse_flow_tokens(char **tokens, uint32_t n_tokens,
 	nb_flow_rule++;
 }
 
-#define MAX_RTE_FLOW_PATTERN (4)
+#define MAX_RTE_FLOW_PATTERN (5)
 #define MAX_RTE_FLOW_ACTIONS (5)
 
 static void
@@ -334,9 +334,7 @@  flow_init_single(struct flow_rule_entry *rule)
 		pattern[pattern_idx].spec = &rule->ipv4.spec;
 		pattern[pattern_idx].mask = &rule->ipv4.mask;
 		pattern_idx++;
-	}
-
-	if (rule->is_ipv6) {
+	} else if (rule->is_ipv6) {
 		pattern[pattern_idx].type = RTE_FLOW_ITEM_TYPE_IPV6;
 		pattern[pattern_idx].spec = &rule->ipv6.spec;
 		pattern[pattern_idx].mask = &rule->ipv6.mask;