Go to file
Maxime Coquelin 612e17cf6d vhost: fix possible denial of service on SET_VRING_NUM
vhost_user_set_vring_num() performs multiple allocations
without checking whether data were previously allocated.

It may cause a denial of service because of the memory leaks
that happen if a malicious vhost-user master keeps sending
VHOST_USER_SET_VRING_NUM request until the slave runs out
of memory.

This issue has been assigned CVE-2019-14818

Fixes: b0a985d1f3 ("vhost: add dequeue zero copy")

Reported-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
2019-11-12 12:21:17 +01:00
.ci ci: exit setup on any error 2019-09-13 13:19:00 +02:00
app app/testpmd: set maximum LRO packet size 2019-11-12 01:44:05 +01:00
buildtools lib: check experimental symbols with meson 2019-11-09 21:17:12 +01:00
config build: add option to enable LTO 2019-11-08 15:17:05 +01:00
devtools devtools: fix cleanup of checkpatch temporary file 2019-10-21 16:19:00 +02:00
doc doc: update versioning guide for ABI versions 2019-11-12 09:04:25 +01:00
drivers net/mlx5: set maximum LRO packet size 2019-11-12 01:43:47 +01:00
examples examples/vm_power: fix no port in guest 2019-11-12 08:26:25 +01:00
kernel kni: add ability to set min/max MTU 2019-10-27 11:07:43 +01:00
lib vhost: fix possible denial of service on SET_VRING_NUM 2019-11-12 12:21:17 +01:00
license fix dpdk.org URLs 2018-11-26 20:19:24 +01:00
mk mk: fix dpaax library dependency 2019-11-08 23:15:04 +01:00
usertools usertools: fix telemetry client with python 3 2019-10-27 21:38:40 +01:00
.gitattributes improve git diff 2016-11-13 15:25:12 +01:00
.gitignore doc: fix missing asymmetric crypto table 2019-04-18 16:01:28 +02:00
.travis.yml ci: remove LTO job 2019-11-08 20:58:33 +01:00
GNUmakefile test: move to app directory 2019-02-26 15:29:27 +01:00
MAINTAINERS doc: separate versioning guide into version and policy 2019-11-12 09:03:15 +01:00
Makefile license: use SPDX tag in root makefile 2018-01-04 22:41:38 +01:00
meson_options.txt build: support disabling drivers with meson 2019-10-24 01:02:29 +02:00
meson.build build: print list of disabled components 2019-07-02 23:20:26 +02:00
README license: introduce SPDX identifiers 2018-01-04 22:41:38 +01:00
VERSION version: 19.11-rc2 2019-11-12 09:07:25 +01:00

DPDK is a set of libraries and drivers for fast packet processing.
It supports many processor architectures and both FreeBSD and Linux.

The DPDK uses the Open Source BSD-3-Clause license for the core libraries
and drivers. The kernel components are GPL-2.0 licensed.

Please check the doc directory for release notes,
API documentation, and sample application information.

For questions and usage discussions, subscribe to: users@dpdk.org
Report bugs and issues to the development mailing list: dev@dpdk.org