[dpdk-stable] [dpdk-dev] [PATCH] gro: fix overflow of TCP Options length calculation

Bruce Richardson bruce.richardson at intel.com
Mon Jan 7 15:29:55 CET 2019

Previous message: [dpdk-stable] [PATCH] gro: fix overflow of TCP Options length calculation
Next message: [dpdk-stable] [dpdk-dev] [PATCH] gro: fix overflow of TCP Options length calculation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 04, 2019 at 09:57:16AM +0800, Jiayu Hu wrote:
> If we receive a packet with an invalid TCP header, whose
> TCP header length is less than 20 bytes (the minimal TCP
> header length), the calculated TCP Options length will
> overflow and result in incorrect reassembly behaviors.

Please explain how changing the "len" type fixes this behaviour.

> 
> Fixes: 0d2cbe59b719 ("lib/gro: support TCP/IPv4")
> Fixes: 9e0b9d2ec0f4 ("gro: support VxLAN GRO")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Jiayu Hu <jiayu.hu at intel.com>
> ---
>  lib/librte_gro/gro_tcp4.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_gro/gro_tcp4.h b/lib/librte_gro/gro_tcp4.h
> index 6bb30cd..189cea3 100644
> --- a/lib/librte_gro/gro_tcp4.h
> +++ b/lib/librte_gro/gro_tcp4.h
> @@ -266,7 +266,8 @@ check_seq_option(struct gro_tcp4_item *item,
>  	struct rte_mbuf *pkt_orig = item->firstseg;
>  	struct ipv4_hdr *iph_orig;
>  	struct tcp_hdr *tcph_orig;
> -	uint16_t len, tcp_hl_orig;
> +	uint16_t tcp_hl_orig;
> +	int32_t len;
>  
>  	iph_orig = (struct ipv4_hdr *)(rte_pktmbuf_mtod(pkt_orig, char *) +
>  			l2_offset + pkt_orig->l2_len);
> -- 
> 2.7.4
>

Previous message: [dpdk-stable] [PATCH] gro: fix overflow of TCP Options length calculation
Next message: [dpdk-stable] [dpdk-dev] [PATCH] gro: fix overflow of TCP Options length calculation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list