diff mbox series

common/sfc_efx/base: avoid reading past the buffer

Message ID	20201105204612.29881-1-ivan.malov@oktetlabs.ru (mailing list archive)
State	Accepted, archived
Delegated to:	Ferruh Yigit
Headers	From: Ivan Malov <ivan.malov@oktetlabs.ru> To: dev@dpdk.org Cc: Andy Moreton <amoreton@xilinx.com>, Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru> Date: Thu, 5 Nov 2020 23:46:12 +0300 Message-Id: <20201105204612.29881-1-ivan.malov@oktetlabs.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	common/sfc_efx/base: avoid reading past the buffer \| common/sfc_efx/base: avoid reading past the buffer

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/travis-robot	success	Travis build: passed
ci/iol-broadcom-Functional	fail	Functional Testing issues
ci/iol-testing	success	Testing PASS
ci/iol-intel-Functional	fail	Functional Testing issues
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS

Commit Message

Ivan Malov Nov. 5, 2020, 8:46 p.m. UTC

  Existing field ID validity check does not validate the field
descriptor availability. Make it more rigorous to avoid
reading past the buffer containing field descriptors.

Coverity issue: 363742
Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")

Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
---
 drivers/common/sfc_efx/base/efx_mae.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

Comments

Ferruh Yigit Nov. 6, 2020, 3:48 p.m. UTC | #1

On 11/5/2020 8:46 PM, Ivan Malov wrote:
> Existing field ID validity check does not validate the field
> descriptor availability. Make it more rigorous to avoid
> reading past the buffer containing field descriptors.
> 
> Coverity issue: 363742
> Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
> 
> Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
> Reviewed-by: Andy Moreton <amoreton@xilinx.com>

Applied to dpdk-next-net/main, thanks.

diff mbox series

Patch

diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c
index af9a5189c..ee0a3d319 100644
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -622,25 +622,30 @@  efx_mae_match_spec_field_set(
 	__in_bcount(mask_size)		const uint8_t *mask)
 {
 	const efx_mae_mv_desc_t *descp;
+	unsigned int desc_set_nentries;
 	uint8_t *mvp;
 	efx_rc_t rc;
 
-	if (field_id >= EFX_MAE_FIELD_NIDS) {
-		rc = EINVAL;
-		goto fail1;
-	}
-
 	switch (spec->emms_type) {
 	case EFX_MAE_RULE_OUTER:
+		desc_set_nentries =
+		    EFX_ARRAY_SIZE(__efx_mae_outer_rule_mv_desc_set);
 		descp = &__efx_mae_outer_rule_mv_desc_set[field_id];
 		mvp = spec->emms_mask_value_pairs.outer;
 		break;
 	case EFX_MAE_RULE_ACTION:
+		desc_set_nentries =
+		    EFX_ARRAY_SIZE(__efx_mae_action_rule_mv_desc_set);
 		descp = &__efx_mae_action_rule_mv_desc_set[field_id];
 		mvp = spec->emms_mask_value_pairs.action;
 		break;
 	default:
 		rc = ENOTSUP;
+		goto fail1;
+	}
+
+	if (field_id >= desc_set_nentries) {
+		rc = EINVAL;
 		goto fail2;
 	}