diff mbox series

[1/2] net: fix underflow for checksum of invalid IPv4 packets

Message ID 20181217155005.13457-2-bruce.richardson@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Ferruh Yigit
Headers
Series prevent out of bounds read with checksum |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/intel-Performance-Testing success Performance Testing PASS
ci/mellanox-Performance-Testing success Performance Testing PASS

Commit Message

Bruce Richardson Dec. 17, 2018, 3:50 p.m. UTC 
  If we receive a packet with an invalid IP header, where the total packet
length is reported as less than the IP header length, we would end up
getting an underflow in the length subtraction. This could cause us to
checksum e.g. 4GB of data in the case where the result of the subtraction
was -1. We fix this by having the function return 0 - an invalid sum - when
the length is less than the header length.

CC: stable@dpdk.org
Fixes: af75078fece3 ("first public release")
Fixes: 6006818cfb26 ("net: new checksum functions")

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
---
 lib/librte_net/rte_ip.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

Comments

Hemant Agrawal Dec. 18, 2018, 1:15 p.m. UTC | #1 
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com<mailto:hemant.agrawal@nxp.com>>
Hemant Agrawal Dec. 18, 2018, 1:18 p.m. UTC | #2 
After fixing my mail client issues.

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com><mailto:hemant.agrawal@nxp.com>


On 18-Dec-18 6:45 PM, Hemant Agrawal wrote:

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com<mailto:hemant.agrawal@nxp.com><mailto:hemant.agrawal@nxp.com><mailto:hemant.agrawal@nxp.com>>
diff mbox series

Patch

diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h
index f2a8904a2..f9b909090 100644
--- a/lib/librte_net/rte_ip.h
+++ b/lib/librte_net/rte_ip.h
@@ -310,16 +310,20 @@  rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags)
  * @param l4_hdr
  *   The pointer to the beginning of the L4 header.
  * @return
- *   The complemented checksum to set in the IP packet.
+ *   The complemented checksum to set in the IP packet
+ *   or 0 on error
  */
 static inline uint16_t
 rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr)
 {
 	uint32_t cksum;
-	uint32_t l4_len;
+	uint32_t l3_len, l4_len;
+
+	l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+	if (l3_len < sizeof(struct ipv4_hdr))
+		return 0;
 
-	l4_len = (uint32_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) -
-		sizeof(struct ipv4_hdr));
+	l4_len = l3_len - sizeof(struct ipv4_hdr);
 
 	cksum = rte_raw_cksum(l4_hdr, l4_len);
 	cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0);