Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding error checks for ctx_load_bytes. #16138

Merged
merged 1 commit into from Jun 3, 2021
Merged

Adding error checks for ctx_load_bytes. #16138

merged 1 commit into from Jun 3, 2021

Conversation

trvll
Copy link
Contributor

@trvll trvll commented May 13, 2021

The function ctx_load_bytes() was being called without checking for return errors.
This could let to a possible evaluation of an uninitialized variable.

Added a verification to drop packets when ctx_load_bytes() returns error.

Signed-off-by: Thales Paiva thales@accuknox.com

Fixes: #16076

@trvll trvll requested review from a team and jrfastab May 13, 2021 12:44
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 13, 2021
@trvll trvll mentioned this pull request May 17, 2021
Closed
pchaigno
pchaigno requested changes May 21, 2021
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple styling problems.

bpf/lib/ipv6.h Outdated Show resolved Hide resolved
bpf/lib/ipv6.h Outdated Show resolved Hide resolved
@pchaigno pchaigno added release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. labels May 21, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 21, 2021
@trvll trvll force-pushed the fix_ipv6_uninitiliazed_var branch from 6132834 to fef5efc Compare May 21, 2021 20:14
@trvll trvll requested a review from pchaigno May 21, 2021 20:22
@trvll
Adding error checks for ctx_load_bytes.
490485d 
The function ctx_load_bytes() was being called without checking for return errors.
This could let to a possible evaluation of an uninitializaed variable.

Added a verification to drop packets when ctx_load_bytes() returns error.

Signed-off-by: Thales Paiva <thales@accuknox.com>
@trvll trvll force-pushed the fix_ipv6_uninitiliazed_var branch from fef5efc to 490485d Compare May 21, 2021 21:07
@pchaigno
Copy link
Member

test-me-please

@nathanjsweet
Copy link
Member

k8s-1.21-kernel-4.9 is running into #13011.
Marking as ready-to-merge. I'll merge tomorrow if there are no intervening objections.

@nathanjsweet nathanjsweet added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 2, 2021
@nathanjsweet nathanjsweet merged commit efedf4d into cilium:master Jun 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

@jrfastab jrfastab Awaiting requested review from jrfastab

Assignees

@jrfastab jrfastab

Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The return for ctx_load_bytes() isn't being checked
4 participants
@trvll @pchaigno @nathanjsweet @jrfastab