[bug report] net/mlx5e: CT: Save ct entries tuples in hashtables

* [bug report] net/mlx5e: CT: Save ct entries tuples in hashtables
@ 2020-07-14 10:00 dan.carpenter
  0 siblings, 0 replies; only message in thread
From: dan.carpenter @ 2020-07-14 10:00 UTC (permalink / raw)
  To: paulb; +Cc: Paul Blakey, linux-rdma

Hello Paul Blakey,

The patch bc562be9674b: "net/mlx5e: CT: Save ct entries tuples in
hashtables" from Mar 29, 2020, leads to the following static checker
warning:

	drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:246 mlx5_tc_ct_rule_to_tuple_nat()
	error: buffer overflow 'tuple->ip.src_v6.in6_u.u6_addr32' 4 <= 7

drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
   229  
   230                  offset = act->mangle.offset;
   231                  val = act->mangle.val;
   232                  switch (act->mangle.htype) {
   233                  case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
   234                          if (offset == offsetof(struct iphdr, saddr))
   235                                  tuple->ip.src_v4 = cpu_to_be32(val);
   236                          else if (offset == offsetof(struct iphdr, daddr))
   237                                  tuple->ip.dst_v4 = cpu_to_be32(val);
   238                          else
   239                                  return -EOPNOTSUPP;
   240                          break;
   241  
   242                  case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
   243                          ip6_offset = (offset - offsetof(struct ipv6hdr, saddr));
   244                          ip6_offset /= 4;
   245                          if (ip6_offset < 8)
                                    ^^^^^^^^^^^^^^

   246                                  tuple->ip.src_v6.s6_addr32[ip6_offset] = cpu_to_be32(val);
                                                         ^^^^^^^^^^^^^^^^^^^^^
This is a 4 element array.

   247                          else
   248                                  return -EOPNOTSUPP;
   249                          break;
   250  
   251                  case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
   252                          if (offset == offsetof(struct tcphdr, source))
   253                                  tuple->port.src = cpu_to_be16(val);
   254                          else if (offset == offsetof(struct tcphdr, dest))
   255                                  tuple->port.dst = cpu_to_be16(val);
   256                          else
   257                                  return -EOPNOTSUPP;
   258                          break;

regards,
dan carpenter

^ permalink raw reply	[flat|nested] only message in thread