git.droids-corp.org - dpdk.git/commit

author	Jiayu Hu <jiayu.hu@intel.com>
	Wed, 16 Jan 2019 00:45:33 +0000 (08:45 +0800)
committer	Thomas Monjalon <thomas@monjalon.net>
	Thu, 17 Jan 2019 21:38:54 +0000 (22:38 +0100)
commit	7ccc7a05d6ce57a8db88ccc70d507e7e3d51cd37
tree	24938b78f308a91ae5ff6e26ad1aecf8b131efae	tree \| snapshot
parent	35cb223ab7be6791fa68698c05b94b843b8a5fda	commit \| diff

gro: check invalid TCP header length

When the TCP header length of input packets is invalid (i.e., less
than 20 bytes or greater than 60 bytes), check_seq_option() will
access illegal memory area when compare TCP Options, which may
cause a segmentation fault.

This patch adds missing invalid TCP header length check to avoid
illegal memory accesses.

Fixes: 0d2cbe59b719 ("lib/gro: support TCP/IPv4")
Fixes: 9e0b9d2ec0f4 ("gro: support VxLAN GRO")
Cc: stable@dpdk.org
Signed-off-by: Jiayu Hu <jiayu.hu@intel.com>
Tested-by: Yinan Wang <yinan.wang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

lib/librte_gro/gro_tcp4.c		diff \| blob \| history
lib/librte_gro/gro_tcp4.h		diff \| blob \| history
lib/librte_gro/gro_vxlan_tcp4.c		diff \| blob \| history