From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [dpdk-stable] [PATCH 1/2] ip_frag: check fragment length of incoming packet Date: Mon, 05 Nov 2018 12:37:31 +0100 Message-ID: <1990999.tdZQoCF3K1@xps> References: <1541413603-4792-1-git-send-email-konstantin.ananyev@intel.com> <1541413603-4792-2-git-send-email-konstantin.ananyev@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: stable@dpdk.org, dev@dpdk.org, ryan.e.hall@intel.com, alexander.v.gutkin@intel.com To: Konstantin Ananyev Return-path: In-Reply-To: <1541413603-4792-2-git-send-email-konstantin.ananyev@intel.com> List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 05/11/2018 11:26, Konstantin Ananyev: > Under some conditions ill-formed fragments might cause > reassembly code to corrupt mbufs and/or crash. > Let say the following fragments sequence: > > > > > can trigger the problem. > To overcome such situation, added check that fragment length > of incoming value is greater than zero. > > Reported-by: > Reported-by: Please, could you provide the full names? Note: it is usually inserted just before your Signed-off. > Fixes: 601e279df074 ("ip_frag: move fragmentation/reassembly headers into a library") > Fixes: 4f1a8f633862 ("ip_frag: add IPv6 reassembly") > Cc: stable@dpdk.org > > Signed-off-by: Konstantin Ananyev