d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
acd4c92fa6
numam-dpdk/lib
History
Maxime Coquelin acd4c92fa6 vhost/crypto: validate keys lengths 
transform_cipher_param() and transform_chain_param() handle
the payload data for the VHOST_USER_CRYPTO_CREATE_SESS
message. These payloads have to be validated, since it
could come from untrusted sources.

Two buffers and their lengths are defined in this payload,
one the the auth key and one for the cipher key. But above
functions do not validate the key length inputs, which could
lead to read out of bounds, as buffers have static sizes of
64 bytes for the cipher key and 512 bytes for the auth key.

This patch adds necessary checks on the key length field
before being used.

CVE-2020-10724
Fixes: e80a987081 ("vhost/crypto: add session message handler")
Cc: stable@dpdk.org

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
2020-05-18 15:22:34 +02:00
..
librte_acl
librte_bbdev bbdev: fix doxygen comments 2020-05-11 13:17:43 +02:00
librte_bitratestats
librte_bpf
librte_cfgfile
librte_cmdline
librte_compressdev
librte_cryptodev cryptodev: fix ABI compatibility for ChaCha20-Poly1305 2020-05-11 13:17:43 +02:00
librte_distributor
librte_eal mem: fix overflow on allocation 2020-05-11 17:44:13 +02:00
librte_efd
librte_ethdev doc: refine ethernet and VLAN flow rule items 2020-05-11 22:27:39 +02:00
librte_eventdev eventdev: fix probe and remove for secondary process 2020-05-02 12:31:57 +02:00
librte_fib
librte_flow_classify
librte_graph graph: implement fastpath routines 2020-05-05 23:32:02 +02:00
librte_gro
librte_gso
librte_hash hash: fix gcc 10 maybe-uninitialized warning 2020-05-18 13:54:36 +02:00
librte_ip_frag ip_frag: ensure minimum v6 fragmentation length 2020-04-25 15:15:27 +02:00
librte_ipsec ipsec: check SAD lookup error 2020-05-11 13:17:43 +02:00
librte_jobstats
librte_kni
librte_kvargs kvargs: fix invalid token parsing on FreeBSD 2020-05-06 15:22:19 +02:00
librte_latencystats
librte_lpm lpm6: fix comments spelling 2020-04-24 19:29:02 +02:00
librte_mbuf mbuf: prevent setting mempool ops name empty 2020-04-25 22:56:10 +02:00
librte_member
librte_mempool trace: simplify trace point headers 2020-05-06 13:50:32 +02:00
librte_meter version: reference next ABI 21 for recent additions 2020-05-05 00:25:34 +02:00
librte_metrics telemetry: remove redundant code 2020-05-11 00:37:16 +02:00
librte_net ip_frag: ensure minimum v6 fragmentation length 2020-04-25 15:15:27 +02:00
librte_node node: fix arm64 build with old gcc 2020-05-13 15:38:50 +02:00
librte_pci
librte_pdump
librte_pipeline
librte_port
librte_power
librte_rawdev eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00
librte_rcu rcu: add additional debug logs 2020-04-22 20:46:00 +02:00
librte_reorder
librte_rib
librte_ring ring: fix build for gcc O1 optimization 2020-05-11 19:20:54 +02:00
librte_sched
librte_security security: fix crash at accessing non-implemented ops 2020-04-23 17:56:38 +02:00
librte_stack
librte_table
librte_telemetry telemetry: fix error log output 2020-05-11 18:58:14 +02:00
librte_timer timer: relax barrier for status update 2020-04-26 22:07:38 +02:00
librte_vhost vhost/crypto: validate keys lengths 2020-05-18 15:22:34 +02:00
Makefile eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00
meson.build eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00