authorOle Troan <ot@cisco.com>2022-01-11 16:08:23 +0100
committerDamjan Marion <dmarion@me.com>2022-01-12 09:57:43 +0000
commitde3648db09b2102224eba50fe7019ee388fa26e5 (patch)
treef33f119c50fb1b20cee091a2e41ff1729cfacbe3
parente60f2f678d2fe242471549525dd70a3bba90ae17 (diff)
ip: coverity illegal access in ip6_ext_header_walk
*** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
-rw-r--r--src/vnet/ip/ip6_packet.h11
1 files changed, 2 insertions, 9 deletions
diff --git a/src/vnet/ip/ip6_packet.h b/src/vnet/ip/ip6_packet.h
index 7f337a61be6..fecec7cdf5b 100644
--- a/src/vnet/ip/ip6_packet.h
+++ b/src/vnet/ip/ip6_packet.h
@@ -666,7 +666,7 @@ typedef struct
} ip6_ext_hdr_chain_t;
/*
- * find ipv6 extension header within ipv6 header within
+ * Find ipv6 extension header within ipv6 header within
* whichever is smallest of buffer or IP6_EXT_HDR_MAX_DEPTH.
* The complete header chain must be in first buffer.
*
@@ -710,16 +710,9 @@ ip6_ext_header_walk (vlib_buffer_t *b, ip6_header_t *ip, int find_hdr_type,
next_header = ip6_ext_next_header_s (next_proto, next_header, max_offset,
&offset, &next_proto, &last);
}
- if (ip6_ext_hdr (res->eh[i].protocol))
- {
- /* Header chain is not terminated */
- ;
- }
res->length = i;
if (find_hdr_type < 0)
- {
- return i - 1;
- }
+ return i - 1;
return found != -1 ? found : i - 1;
}
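Review bot: `res->length = i;` still stores the same index that the Coverity report shows reaching 5 on the 4-element `res->eh`, so dropping the post-loop read removes this one access but does not bound `i` itself. The loop that advances `i` starts outside this hunk, so I cannot confirm its exit condition. If it can leave `i` above the array size, any caller that iterates `res->length` entries would overrun on a chain taken from packet data. I would pin the invariant just before the assignment, e.g. `ASSERT (i <= ARRAY_LEN (res->eh));`, or clamp the stored length. The deleted block was also the only place that mentioned an unterminated chain, so a short comment such as `/* chain may be unterminated here; the return value does not signal it */` would keep that caveat visible.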