rtl8139: avoid nested ifs in IP header parsing

Transmit offload needs to parse packet headers.  If header fields have
unexpected values the offload processing is skipped.

The code currently uses nested ifs because there is relatively little
input validation.  The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[Backport to qemu-xen-tradition]
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 20e486a4e75f0045cfad5c43acc3943bc586c6df..44c221c40121bb3f86242c7afa0a882c1b80d24d 100644 (file)
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -2113,26 +2113,30 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
             size_t   eth_payload_len  = 0;
 
             int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
-            if (proto == ETH_P_IP)
+            if (proto != ETH_P_IP)
             {
-                DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
+                goto skip_offload;
+            }
 
-                /* not aligned */
-                eth_payload_data = saved_buffer + ETH_HLEN;
-                eth_payload_len  = saved_size   - ETH_HLEN;
+            DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
 
-                ip = (ip_header*)eth_payload_data;
+            /* not aligned */
+            eth_payload_data = saved_buffer + ETH_HLEN;
+            eth_payload_len  = saved_size   - ETH_HLEN;
 
-                if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
-                    DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version %d expected %d\n", IP_HEADER_VERSION(ip), IP_HEADER_VERSION_4));
-                    ip = NULL;
-                } else {
-                    hlen = IP_HEADER_LENGTH(ip);
-                    ip_protocol = ip->ip_p;
-                    ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
-                }
+            ip = (ip_header*)eth_payload_data;
+
+            if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+                DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version %d "
+                             "expected %d\n", IP_HEADER_VERSION(ip),
+                             IP_HEADER_VERSION_4));
+                goto skip_offload;
             }
 
+            hlen = IP_HEADER_LENGTH(ip);
+            ip_protocol = ip->ip_p;
+            ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
             if (ip)
             {
                 if (txdw0 & CP_TX_IPCS)
@@ -2315,6 +2319,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
             }
         }
 
+skip_offload:
         /* update tally counter */
         ++s->tally_counters.TxOk;