[dpdk-dev] [PATCH] vhost: avoid buffer overflow in update_secure_len
Rich Lane
rich.lane at bigswitch.com
Wed Nov 18 06:26:57 CET 2015
On Tue, Nov 17, 2015 at 6:56 PM, Yuanhan Liu <yuanhan.liu at linux.intel.com>
wrote:
> @@ -519,6 +526,8 @@ virtio_dev_merge_rx(struct virtio_net *dev, uint16_t
> queue_id,
> goto merge_rx_exit;
> } else {
> update_secure_len(vq, res_cur_idx,
> &secure_len, &vec_idx);
> + if (secure_len == 0)
> + goto merge_rx_exit;
> res_cur_idx++;
> }
> } while (pkt_len > secure_len);
>
I think this needs to check whether secure_len was modified. secure_len is
read-write and could have a nonzero value going into the call. It could be
cleaner to give update_secure_len a return value saying whether it was able
to reserve any buffers.
Otherwise looks good, thanks!
More information about the dev
mailing list