On 10/27/2020 5:10 PM, Luca Boccassi wrote:
On Mon, 2020-08-10 at 19:33 -0700, lon...@linuxonhyperv.com wrote:
From: Stephen Hemminger <step...@networkplumber.org>
The data from the host is trusted but checked by the driver.
One check that is missing is that the packet offset and length
might cause wraparound.
Cc: sta...@dpdk.org
Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
Signed-off-by: Long Li <lon...@microsoft.com>
---
drivers/net/netvsc/hn_rxtx.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c
index a388ff258..d8d3f07f5 100644
--- a/drivers/net/netvsc/hn_rxtx.c
+++ b/drivers/net/netvsc/hn_rxtx.c
@@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
struct hn_rx_bufinfo *rxb,
void *data, uint32_t dlen)
{
- unsigned int data_off, data_len, pktinfo_off, pktinfo_len;
+ unsigned int data_off, data_len, total_len;
+ unsigned int pktinfo_off, pktinfo_len;
const struct rndis_packet_msg *pkt = data;
struct hn_rxinfo info = {
.vlan_info = HN_NDIS_VLAN_INFO_INVALID,
@@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
goto error;
}
- if (unlikely(data_off + data_len > pkt->len))
+ if (__builtin_add_overflow(data_off, data_len, &total_len) ||
+ total_len > pkt->len)
goto error;
if (unlikely(data_len < RTE_ETHER_HDR_LEN))
This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as
__builtin_add_overflow is not available. Could you please send a follow
up to fix it?
It should be already fixed in the repo:
https://git.dpdk.org/dpdk/commit/?id=d73543b5f46d
Are you getting the build error with 20.11-rc1?
