[dpdk-dev] [PATCH v3] lib/rte_rib6: fix stack buffer overflow
Medvedkin, Vladimir
vladimir.medvedkin at intel.com
Tue Jun 22 12:51:30 CEST 2021
Hi Owen, David,
Apart from David's comments looks good to me.
On 22/06/2021 10:10, David Marchand wrote:
> On Mon, Jun 21, 2021 at 3:28 PM <ohilyard at iol.unh.edu> wrote:
>>
>> From: Owen Hilyard <ohilyard at iol.unh.edu>
>
> Hi Owen, Vladimir,
>
>
> Owen, two comments on the patch title.
>
> - We (try to) never prefix with lib/, as it gives no additional info.
> The prefix should be the library name.
> There were some transgressions to this rule, but this was Thomas or me
> being absent-minded.
>
> For other parts of the tree, it is a bit more complex, but if unsure,
> the simplest is to look at the git history.
> Here this is the rib library, so "rib: " is enough.
>
>
> - The title purpose is to give a hint of the functional impact: people
> looking for fixes for a type of bug can find it more easily.
>
> Here, just indicating we are fixing a buffer overflow won't help judge
> in which use case the issue happened.
> How about: "rib: fix max depth IPv6 lookup"
>
>
>>
>> ASAN found a stack buffer overflow in lib/rib/rte_rib6.c:get_dir.
>> The fix for the stack buffer overflow was to make sure depth
>> was always < 128, since when depth = 128 it caused the index
>> into the ip address to be 16, which read off the end of the array.
>>
>> While trying to solve the buffer overflow, I noticed that a few
>> changes could be made to remove the for loop entirely.
>>
>> Fixes: f7e861e21c ("rib: support IPv6")
> Cc: stable at dpdk.org
>
>>
>> Signed-off-by: Owen Hilyard <ohilyard at iol.unh.edu>
>
>
> Vladimir, can you review this fix?
>
> Thanks!
>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
--
Regards,
Vladimir
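
The off-by-one described in the quoted commit message (depth = 128 gives byte index 16 in a 16-byte address), shown as an added example that is not part of the original thread and is not DPDK's get_dir. The names byte_index and dir_bit_checked and the sample address are assumptions made for illustration; the explicit range check is one way to keep depth below 128, not necessarily the one the patch uses.

```c
#include <stdint.h>
#include <stdio.h>

#define IPV6_ADDR_SIZE 16                    /* bytes in an IPv6 address */
#define IPV6_MAX_DEPTH (IPV6_ADDR_SIZE * 8)  /* 128 bits */

/* Byte that holds the bit at position `depth` (0 = most significant bit). */
static unsigned byte_index(unsigned depth)
{
	return depth / 8;
}

/*
 * Hypothetical checked lookup: stores the bit at `depth` in *dir and
 * returns 0, or returns -1 without reading `ip` when depth is not in
 * 0..127. Valid indexes are 0..15; depth 128 would select index 16.
 */
static int dir_bit_checked(const uint8_t ip[IPV6_ADDR_SIZE], unsigned depth,
			   int *dir)
{
	if (depth >= IPV6_MAX_DEPTH)
		return -1;
	*dir = (ip[byte_index(depth)] >> (7 - depth % 8)) & 1;
	return 0;
}

int main(void)
{
	/* Constructed sample address: 2001:db8::1 */
	const uint8_t ip[IPV6_ADDR_SIZE] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x01 };
	const unsigned depths[] = { 0, 2, 127, 128 };

	for (size_t i = 0; i < sizeof(depths) / sizeof(depths[0]); i++) {
		int dir = 0;
		int rc = dir_bit_checked(ip, depths[i], &dir);

		printf("depth %3u -> index %2u: ", depths[i], byte_index(depths[i]));
		if (rc == 0)
			printf("bit %d\n", dir);
		else
			printf("rejected (past end of address)\n");
	}
	return 0;
}
```

Building the unchecked form of the same indexing with -fsanitize=address is how a read at index 16 of a stack array gets reported, which matches how the commit message says the bug was found.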