[dpdk-stable] [PATCH 2/2] net/tap: add buffer overflow checks before checksum

Wiles, Keith keith.wiles at intel.com
Thu Dec 20 20:33:45 CET 2018

Previous message: [dpdk-stable] [dpdk-dev] [PATCH 2/2] net/tap: add buffer overflow checks before checksum
Next message: [dpdk-stable] [PATCH v5 05/10] net/ifc: store only registered device instance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> On Dec 17, 2018, at 9:50 AM, Richardson, Bruce <bruce.richardson at intel.com> wrote:
> 
> The checksum calculation APIs take only the packet headers pointers as
> parameters, so they assume that the lengths reported in those headers are
> correct. However, a malicious packet could claim to be far larger than it
> is, so we need to check the header lengths in the driver before calling
> the checksum API.
> 
> A better fix would be to allow the lengths to be passed into the API
> function, but that would be an API break, so fixing in TAP driver for
> now.
> 
> CC: stable at dpdk.org
> Fixes: 8ae3023387e9 ("net/tap: add Rx/Tx checksum offload support")
> 
> Signed-off-by: Bruce Richardson <bruce.richardson at intel.com>
> —

Acked-by: Keith Wiles <keith.wiles at intel.com>

Regards,
Keith

Previous message: [dpdk-stable] [dpdk-dev] [PATCH 2/2] net/tap: add buffer overflow checks before checksum
Next message: [dpdk-stable] [PATCH v5 05/10] net/ifc: store only registered device instance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list