d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

gro: check payload length after trim

Browse Source 
When packet is padded with extra bytes the
the validation of the payload length should be done
after the trim operation

Fixes: b8a55871d5 ("gro: trim tail padding bytes")
Cc: stable@dpdk.org

Signed-off-by: Kumara Parameshwaran <kumaraparamesh92@gmail.com>
Acked-by: Jiayu Hu <jiayu.hu@intel.com>
This commit is contained in:
Kumara Parameshwaran 2022-10-16 20:13:05 +05:30 committed by Thomas Monjalon
parent fe61babe0b
commit 72f51b097a
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/gro/gro_tcp4.c
View File

@ -225,6 +225,12 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
*/
if (tcp_hdr->tcp_flags != RTE_TCP_ACK_FLAG)
return -1;
/* trim the tail padding bytes */
ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
/*
* Don't process the packet whose payload length is less than or
* equal to 0.
@ -233,11 +239,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
if (tcp_dl <= 0)
return -1;
/* trim the tail padding bytes */
ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
/*
* Save IPv4 ID for the packet whose DF bit is 0. For the packet
* whose DF bit is 1, IPv4 ID is ignored.

10
lib/gro/gro_udp4.c
View File

@ -220,6 +220,11 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
if (!is_ipv4_fragment(ipv4_hdr))
return -1;
ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
/* trim the tail padding bytes */
if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
/*
* Don't process the packet whose payload length is less than or
* equal to 0.
@ -227,14 +232,9 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
if (pkt->pkt_len <= hdr_len)
return -1;
ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (ip_dl <= pkt->l3_len)
return -1;
/* trim the tail padding bytes */
if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
ip_dl -= pkt->l3_len;
ip_id = rte_be_to_cpu_16(ipv4_hdr->packet_id);
frag_offset = rte_be_to_cpu_16(ipv4_hdr->fragment_offset);