[dpdk-stable] [PATCH 2/2] net/bonding: fix oob access in "other" aggregator modes
David Marchand
david.marchand at redhat.com
Thu Mar 21 21:28:14 CET 2019
From: Zhaohui <zhaohui8 at huawei.com>
slave aggregator_port_id is in [0, RTE_MAX_ETHPORTS-1] range.
If RTE_MAX_ETHPORTS is > 8, we can hit out of bound accesses on
agg_bandwidth[] and agg_count[] arrays.
Fixes: 6d72657ce379 ("net/bonding: add other aggregator modes")
Cc: stable at dpdk.org
Signed-off-by: Zhaohui <zhaohui8 at huawei.com>
Signed-off-by: David Marchand <david.marchand at redhat.com>
---
drivers/net/bonding/rte_eth_bond_8023ad.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/bonding/rte_eth_bond_8023ad.c b/drivers/net/bonding/rte_eth_bond_8023ad.c
index 3943ec1..5004898 100644
--- a/drivers/net/bonding/rte_eth_bond_8023ad.c
+++ b/drivers/net/bonding/rte_eth_bond_8023ad.c
@@ -669,8 +669,8 @@
struct port *agg, *port;
uint16_t slaves_count, new_agg_id, i, j = 0;
uint16_t *slaves;
- uint64_t agg_bandwidth[8] = {0};
- uint64_t agg_count[8] = {0};
+ uint64_t agg_bandwidth[RTE_MAX_ETHPORTS] = {0};
+ uint64_t agg_count[RTE_MAX_ETHPORTS] = {0};
uint16_t default_slave = 0;
uint16_t mode_count_id;
uint16_t mode_band_id;
--
1.8.3.1
More information about the stable
mailing list