acd4c92fa6
transform_cipher_param() and transform_chain_param() handle
the payload data for the VHOST_USER_CRYPTO_CREATE_SESS
message. These payloads have to be validated, since it
could come from untrusted sources.
Two buffers and their lengths are defined in this payload,
one the the auth key and one for the cipher key. But above
functions do not validate the key length inputs, which could
lead to read out of bounds, as buffers have static sizes of
64 bytes for the cipher key and 512 bytes for the auth key.
This patch adds necessary checks on the key length field
before being used.
CVE-2020-10724
Fixes:
|
||
|---|---|---|
| .ci | ||
| app | ||
| buildtools | ||
| config | ||
| devtools | ||
| doc | ||
| drivers | ||
| examples | ||
| kernel | ||
| lib | ||
| license | ||
| mk | ||
| usertools | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .travis.yml | ||
| ABI_VERSION | ||
| GNUmakefile | ||
| MAINTAINERS | ||
| Makefile | ||
| meson_options.txt | ||
| meson.build | ||
| README | ||
| VERSION | ||
DPDK is a set of libraries and drivers for fast packet processing. It supports many processor architectures and both FreeBSD and Linux. The DPDK uses the Open Source BSD-3-Clause license for the core libraries and drivers. The kernel components are GPL-2.0 licensed. Please check the doc directory for release notes, API documentation, and sample application information. For questions and usage discussions, subscribe to: users@dpdk.org Report bugs and issues to the development mailing list: dev@dpdk.org