From 221b3839b197ea1a0d155dd4b635d4fa3d8123b6 Mon Sep 17 00:00:00 2001
From: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Date: Thu, 16 Jan 2020 05:46:29 -0800
Subject: srv6-mobile: fix the converity issue

Type: fix

Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
---
 src/plugins/srv6-mobile/node.c | 47 +++++++++++++++++++-----------------------
 1 file changed, 21 insertions(+), 26 deletions(-)

(limited to 'src/plugins/srv6-mobile/node.c')

diff --git a/src/plugins/srv6-mobile/node.c b/src/plugins/srv6-mobile/node.c
index de3bc4a6f0d..08357bb1b0e 100644
--- a/src/plugins/srv6-mobile/node.c
+++ b/src/plugins/srv6-mobile/node.c
@@ -416,7 +416,7 @@ VLIB_NODE_FN (srv6_end_m_gtp4_e) (vlib_main_t * vm,
 		      for (index = 0; index < 2; index++)
 			{
 			  sp[index] = dst0.as_u8[offset + 5 + index] << shift;
-			  sp[index] =
+			  sp[index] |=
 			    dst0.as_u8[offset + 6 + index] >> (8 - shift);
 			}
 		    }
@@ -655,7 +655,7 @@ VLIB_NODE_FN (srv6_t_m_gtp4_d) (vlib_main_t * vm,
 	      u8 qfi = 0;
 	      u8 *qfip = NULL;
 	      u16 seq = 0;
-	      u8 *seqp = NULL;
+	      u8 *seqp;
 	      u32 offset, shift, index;
 	      ip6srv_combo_header_t *ip6srv;
 	      gtpu_pdu_session_t *sess = NULL;
@@ -668,6 +668,8 @@ VLIB_NODE_FN (srv6_t_m_gtp4_d) (vlib_main_t * vm,
 	      teid = hdr->gtpu.teid;
 	      teidp = (u8 *) & teid;
 
+	      seqp = (u8 *) & seq;
+
 	      gtpu_type = hdr->gtpu.type;
 
 	      if (hdr->gtpu.ver_flags & (GTPU_EXTHDR_FLAG | GTPU_SEQ_FLAG))
@@ -676,7 +678,6 @@ VLIB_NODE_FN (srv6_t_m_gtp4_d) (vlib_main_t * vm,
 		  hdr_len += sizeof (gtpu_exthdr_t);
 
 		  seq = hdr->gtpu.ext->seq;
-		  seqp = (u8 *) & seq;
 
 		  if (hdr->gtpu.ext->nextexthdr == GTPU_EXTHDR_PDU_SESSION)
 		    {
@@ -1202,7 +1203,7 @@ VLIB_NODE_FN (srv6_end_m_gtp6_e) (vlib_main_t * vm,
 		      for (index = 0; index < 2; index++)
 			{
 			  sp[index] = dst0.as_u8[offset + index] << shift;
-			  sp[index] =
+			  sp[index] |=
 			    dst0.as_u8[offset + index + 1] >> (8 - shift);
 			}
 		    }
@@ -1384,7 +1385,7 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d) (vlib_main_t * vm,
 	  u8 qfi;
 	  u8 *qfip = NULL;
 	  u16 seq = 0;
-	  u8 *seqp = NULL;
+	  u8 *seqp;
 	  u32 offset, shift;
 	  u32 hdrlen;
 	  ip6_header_t *encap = NULL;
@@ -1432,13 +1433,14 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d) (vlib_main_t * vm,
 	      teid = hdr0->gtpu.teid;
 	      teidp = (u8 *) & teid;
 
+	      seqp = (u8 *) & seq;
+
 	      if (hdr0->gtpu.ver_flags & (GTPU_EXTHDR_FLAG | GTPU_SEQ_FLAG))
 		{
 		  // Extention header.
 		  hdrlen += sizeof (gtpu_exthdr_t);
 
 		  seq = hdr0->gtpu.ext->seq;
-		  seqp = (u8 *) & seq;
 
 		  if (hdr0->gtpu.ext->nextexthdr == GTPU_EXTHDR_PDU_SESSION)
 		    {
@@ -1469,8 +1471,7 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d) (vlib_main_t * vm,
 		      || gtpu_type == GTPU_TYPE_ECHO_REPLY
 		      || gtpu_type == GTPU_TYPE_ERROR_INDICATION)
 		    {
-		      if (seqp)
-			clib_memcpy_fast (&seg0.as_u8[offset], seqp, 2);
+		      clib_memcpy_fast (&seg0.as_u8[offset], seqp, 2);
 		    }
 		  else
 		    {
@@ -1499,14 +1500,11 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d) (vlib_main_t * vm,
 		      || gtpu_type == GTPU_TYPE_ECHO_REPLY
 		      || gtpu_type == GTPU_TYPE_ERROR_INDICATION)
 		    {
-		      if (seqp)
+		      for (idx = 0; idx < 2; idx++)
 			{
-			  for (idx = 0; idx < 2; idx++)
-			    {
-			      seg0.as_u8[offset + idx] |= seqp[idx] >> shift;
-			      seg0.as_u8[offset + idx + 1] |=
-				seqp[idx] << (8 - shift);
-			    }
+			  seg0.as_u8[offset + idx] |= seqp[idx] >> shift;
+			  seg0.as_u8[offset + idx + 1] |=
+			    seqp[idx] << (8 - shift);
 			}
 		    }
 		  else
@@ -1840,7 +1838,7 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d_di) (vlib_main_t * vm,
 	  u8 qfi = 0;
 	  u8 *qfip = NULL;
 	  u16 seq = 0;
-	  u8 *seqp = NULL;
+	  u8 *seqp;
 	  u32 offset, shift;
 	  u32 hdrlen;
 	  ip6_header_t *encap = NULL;
@@ -1889,13 +1887,14 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d_di) (vlib_main_t * vm,
 	      teid = hdr0->gtpu.teid;
 	      teidp = (u8 *) & teid;
 
+	      seqp = (u8 *) & seq;
+
 	      if (hdr0->gtpu.ver_flags & (GTPU_EXTHDR_FLAG | GTPU_SEQ_FLAG))
 		{
 		  // Extention header.
 		  hdrlen += sizeof (gtpu_exthdr_t);
 
 		  seq = hdr0->gtpu.ext->seq;
-		  seqp = (u8 *) & seq;
 
 		  if (hdr0->gtpu.ext->nextexthdr == GTPU_EXTHDR_PDU_SESSION)
 		    {
@@ -1924,8 +1923,7 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d_di) (vlib_main_t * vm,
 		      || gtpu_type == GTPU_TYPE_ECHO_REPLY
 		      || gtpu_type == GTPU_TYPE_ERROR_INDICATION)
 		    {
-		      if (seqp)
-			clib_memcpy_fast (&seg0.as_u8[offset], seqp, 2);
+		      clib_memcpy_fast (&seg0.as_u8[offset], seqp, 2);
 		    }
 		  else
 		    {
@@ -1954,14 +1952,11 @@ VLIB_NODE_FN (srv6_end_m_gtp6_d_di) (vlib_main_t * vm,
 		      || gtpu_type == GTPU_TYPE_ECHO_REPLY
 		      || gtpu_type == GTPU_TYPE_ERROR_INDICATION)
 		    {
-		      if (seqp)
+		      for (idx = 0; idx < 2; idx++)
 			{
-			  for (idx = 0; idx < 2; idx++)
-			    {
-			      seg0.as_u8[offset + idx] |= seqp[idx] >> shift;
-			      seg0.as_u8[offset + idx + 1] |=
-				seqp[idx] << (8 - shift);
-			    }
+			  seg0.as_u8[offset + idx] |= seqp[idx] >> shift;
+			  seg0.as_u8[offset + idx + 1] |=
+			    seqp[idx] << (8 - shift);
 			}
 		    }
 		  else
-- 
cgit 1.2.3-korg