From patchwork Mon Sep 17 08:23:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wangyunjian X-Patchwork-Id: 970439 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=huawei.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42DJzs1mkVz9sBv for ; Mon, 17 Sep 2018 18:23:36 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 79D3E92B; Mon, 17 Sep 2018 08:23:34 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 215DF910 for ; Mon, 17 Sep 2018 08:23:33 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from huawei.com (szxga04-in.huawei.com [45.249.212.190]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A83742D4 for ; Mon, 17 Sep 2018 08:23:32 +0000 (UTC) Received: from DGGEMS409-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id 3F1C123060FE4 for ; Mon, 17 Sep 2018 16:23:28 +0800 (CST) Received: from localhost (10.177.24.66) by DGGEMS409-HUB.china.huawei.com (10.3.19.209) with Microsoft SMTP Server id 14.3.399.0; Mon, 17 Sep 2018 16:23:23 +0800 From: wangyunjian To: Date: Mon, 17 Sep 2018 16:23:09 +0800 Message-ID: <1537172589-19628-1-git-send-email-wangyunjian@huawei.com> X-Mailer: git-send-email 1.9.5.msysgit.1 MIME-Version: 1.0 X-Originating-IP: [10.177.24.66] X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: stone.zhou@huawei.com Subject: [ovs-dev] [PATCH] dpif-netdev: Fix "execute" packet length check. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Yunjian Wang The length check is wrong for immediate arguments to "execute" packet. The ethernet header length should be considered. Signed-off-by: Yunjian Wang --- lib/dpif-netdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 9fb82cc..6522f27 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -3632,9 +3632,11 @@ dpif_netdev_execute(struct dpif *dpif, struct dpif_execute *execute) struct dp_netdev *dp = get_dp_netdev(dpif); struct dp_netdev_pmd_thread *pmd; struct dp_packet_batch pp; + int n_vlan = flow_count_vlan_headers(execute->flow); if (dp_packet_size(execute->packet) < ETH_HEADER_LEN || - dp_packet_size(execute->packet) > UINT16_MAX) { + dp_packet_size(execute->packet) > UINT16_MAX + + ETH_HEADER_LEN + VLAN_HEADER_LEN * n_vlan) { return EINVAL; }