common/sfc_efx/base: avoid reading past the buffer
Checks
Commit Message
Existing field ID validity check does not validate the field
descriptor availability. Make it more rigorous to avoid
reading past the buffer containing field descriptors.
Coverity issue: 363742
Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
---
drivers/common/sfc_efx/base/efx_mae.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
Comments
On 11/5/2020 8:46 PM, Ivan Malov wrote:
> Existing field ID validity check does not validate the field
> descriptor availability. Make it more rigorous to avoid
> reading past the buffer containing field descriptors.
>
> Coverity issue: 363742
> Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
>
> Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
> Reviewed-by: Andy Moreton <amoreton@xilinx.com>
Applied to dpdk-next-net/main, thanks.
@@ -622,25 +622,30 @@ efx_mae_match_spec_field_set(
__in_bcount(mask_size) const uint8_t *mask)
{
const efx_mae_mv_desc_t *descp;
+ unsigned int desc_set_nentries;
uint8_t *mvp;
efx_rc_t rc;
- if (field_id >= EFX_MAE_FIELD_NIDS) {
- rc = EINVAL;
- goto fail1;
- }
-
switch (spec->emms_type) {
case EFX_MAE_RULE_OUTER:
+ desc_set_nentries =
+ EFX_ARRAY_SIZE(__efx_mae_outer_rule_mv_desc_set);
descp = &__efx_mae_outer_rule_mv_desc_set[field_id];
mvp = spec->emms_mask_value_pairs.outer;
break;
case EFX_MAE_RULE_ACTION:
+ desc_set_nentries =
+ EFX_ARRAY_SIZE(__efx_mae_action_rule_mv_desc_set);
descp = &__efx_mae_action_rule_mv_desc_set[field_id];
mvp = spec->emms_mask_value_pairs.action;
break;
default:
rc = ENOTSUP;
+ goto fail1;
+ }
+
+ if (field_id >= desc_set_nentries) {
+ rc = EINVAL;
goto fail2;
}