From: Yuanhan Liu <yliu@fridaylinux.org>
To: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Cc: Fiona Trahe <fiona.trahe@intel.com>, dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'crypto/qat: fix out-of-bounds access' has been queued to LTS release 17.11.1
Date: Thu, 1 Feb 2018 17:47:23 +0800
Message-ID: <1517478479-12417-9-git-send-email-yliu@fridaylinux.org>
In-Reply-To: <1517478479-12417-1-git-send-email-yliu@fridaylinux.org>
Hi,
FYI, your patch has been queued to LTS release 17.11.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/03/18. So please
shout if anyone has objections.
Thanks.
--yliu
---
From 5e78a44894532a96dd0ba0a428547bdf2ac476d9 Mon Sep 17 00:00:00 2001
From: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Date: Mon, 22 Jan 2018 17:28:03 +0100
Subject: [PATCH] crypto/qat: fix out-of-bounds access
[ upstream commit 8aa8ee9d2d87ba1a0560cfdbe936c3fd7c5dc12b ]
This commit fixes
- bpi_cipher_encrypt to prevent before 'array subscript is
above array bounds' error
- bpi_cipher_decrypt to prevent before 'array subscript is
above array bounds' error
Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode")
Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
drivers/crypto/qat/qat_crypto.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index a572967..f85c2c8 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -69,6 +69,10 @@
#include "adf_transport_access_macros.h"
#define BYTE_LENGTH 8
+/* bpi is only used for partial blocks of DES and AES
+ * so AES block len can be assumed as max len for iv, src and dst
+ */
+#define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ
static int
qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,
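Review bot: The comment above BPI_MAX_ENCR_IV_LEN says the AES block length "can be assumed" as the maximum for iv, src and dst, but nothing in this hunk enforces that assumption, and the macro name mentions only the IV even though the array it sizes also bounds the src/dst XOR length. Consider naming it for what it actually bounds (for example a BPI maximum block length) and stating in the comment which caller guarantees that srclen and ivlen never exceed ICP_QAT_HW_AES_BLK_SZ, so a later change in a caller does not silently break the assumption.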
@@ -121,16 +125,16 @@ bpi_cipher_encrypt(uint8_t *src, uint8_t *dst,
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx;
int encrypted_ivlen;
- uint8_t encrypted_iv[16];
- int i;
+ uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN];
+ uint8_t *encr = encrypted_iv;
/* ECB method: encrypt the IV, then XOR this with plaintext */
if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen)
<= 0)
goto cipher_encrypt_err;
- for (i = 0; i < srclen; i++)
- *(dst+i) = *(src+i)^(encrypted_iv[i]);
+ for (; srclen != 0; --srclen, ++dst, ++src, ++encr)
+ *dst = *src ^ *encr;
return 0;
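Review bot: The new loop in bpi_cipher_encrypt, `for (; srclen != 0; --srclen, ++dst, ++src, ++encr)`, still reads srclen bytes from encrypted_iv without comparing srclen to BPI_MAX_ENCR_IV_LEN, so replacing the index with a walking pointer removes the compiler's 'array subscript is above array bounds' diagnostic but not the possible read past the array that the diagnostic pointed at. An explicit check before the loop (reject or clamp when srclen exceeds BPI_MAX_ENCR_IV_LEN, or exceeds the encrypted_ivlen returned by EVP_EncryptUpdate, which is currently never read) would make the bound real. Two smaller points: the termination test changed from `i < srclen` to `srclen != 0`, which no longer stops immediately if srclen is a signed type and negative; and ivlen is passed to EVP_EncryptUpdate unchecked although the output buffer is fixed at BPI_MAX_ENCR_IV_LEN bytes.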
@@ -150,16 +154,16 @@ bpi_cipher_decrypt(uint8_t *src, uint8_t *dst,
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx;
int encrypted_ivlen;
- uint8_t encrypted_iv[16];
- int i;
+ uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN];
+ uint8_t *encr = encrypted_iv;
/* ECB method: encrypt (not decrypt!) the IV, then XOR with plaintext */
if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen)
<= 0)
goto cipher_decrypt_err;
- for (i = 0; i < srclen; i++)
- *(dst+i) = *(src+i)^(encrypted_iv[i]);
+ for (; srclen != 0; --srclen, ++dst, ++src, ++encr)
+ *dst = *src ^ *encr;
return 0;
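Review bot: bpi_cipher_decrypt receives the same unchecked pointer-walk loop as bpi_cipher_encrypt, so the missing srclen bound applies here as well, and after this patch the two bodies shown differ only in the error label. Moving the encrypt-the-IV-then-XOR step into one static helper that validates srclen and ivlen against BPI_MAX_ENCR_IV_LEN would keep the check in a single place instead of two copies that can drift. The context comment `/* ECB method: encrypt (not decrypt!) the IV, then XOR with plaintext */` would also read more accurately as "XOR with ciphertext" in the decrypt function.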
--
2.7.4