From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6D08743FC9 for ; Tue, 7 May 2024 15:40:59 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3DC4E402C8; Tue, 7 May 2024 15:40:59 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7]) by mails.dpdk.org (Postfix) with ESMTP id 11494402B1 for ; Tue, 7 May 2024 15:40:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1715089258; x=1746625258; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=oCI3WI0++VSnGV/lKFdmEIMbV6w5+kfpfu6G/iz4VSg=; b=MXbYqlB3pASnoXfLthG4xEWgmPC1fvz7OxHewhvcN5MKOHhStAtyaQ4H RSk/mUpzBy/RO1IFhNg110e5x9j1rxSWA0b7nI0GVj0MVQPP5cPcpVF8c 7Nn6tJrTylaN0wApcATBkAUchgYzNLubZDdChVU59Gk8XIcLfqEkrJIQy YUsYr625bZtyRf53YSEms41GrWnmylTTm82tacLY75DPbZQO8dhFkyWZW dCdSSssPy9JmqsHSg49g0ARzKGXSWxSvbV44ta8VklQpFDJaZEMNTTg8s RD8xC1f3B7sn3QI+csdgsckcdj+QteBIYIp0sDsgxP5I6T6HIRc5NrC6P g==; X-CSE-ConnectionGUID: fc+US8QwS6+Vgq13HVLiyA== X-CSE-MsgGUID: S3IoAafRQuq2xgMp1GrtZg== X-IronPort-AV: E=McAfee;i="6600,9927,11066"; a="36266054" X-IronPort-AV: E=Sophos;i="6.08,261,1712646000"; d="scan'208";a="36266054" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2024 06:40:57 -0700 X-CSE-ConnectionGUID: 7oSLxK7aROWl6F+fUgAhlQ== X-CSE-MsgGUID: GaSjPTCFSjavnujd+yLAug== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,261,1712646000"; d="scan'208";a="65963261" Received: from silpixa00401797.ir.intel.com (HELO silpixa00400355.ger.corp.intel.com) ([10.237.222.113]) by orviesa001.jf.intel.com with ESMTP; 07 May 2024 06:40:56 -0700 From: Ciara Power To: stable@dpdk.org Cc: brian.dooley@intel.com, arkadiuszx.kusztal@intel.com, Ciara Power Subject: [PATCH 22.11 21.11] test/crypto: fix vector global buffer overflow Date: Tue, 7 May 2024 13:40:53 +0000 Message-Id: <20240507134053.5586-1-ciara.power@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org When doing a memcpy of the test vector into a local union variable, the size of the union was used. This meant extra bytes were being copied from the test vector address in the case the vector was smaller in size than the union. This caused a global buffer overflow error detected by Address Sanitizer. To fix this, the size of the test vector is also stored alongside the address, so when copying takes place, the minimum of the union and test vector can be used as the size reference. Fixes: 488f5a23c219 ("test/crypto: check asymmetric crypto") Signed-off-by: Ciara Power --- This issue was fixed by a rework in 2023, so this fix is only applicable to 21.11 and 22.11 LTS releases that are currently maintained. It is not applicable to 23.11 LTS, or current upstream releases. --- app/test/test_cryptodev_asym.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 67659cd1a6..b3345c0a39 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -54,11 +54,15 @@ union test_case_structure { struct rsa_test_data_2 rsa_data; }; +struct vector_details { + uint32_t vector_size; + const void *address; +}; struct test_cases_array { uint32_t size; - const void *address[TEST_VECTOR_SIZE]; + struct vector_details details[TEST_VECTOR_SIZE]; }; -static struct test_cases_array test_vector = {0, { NULL } }; +static struct test_cases_array test_vector = {0, {} }; static uint32_t test_index; @@ -513,14 +517,14 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, } static int -test_one_case(const void *test_case, int sessionless) +test_one_case(struct vector_details test_case, int sessionless) { int status = TEST_SUCCESS, i = 0; char test_msg[ASYM_TEST_MSG_LEN + 1]; /* Map the case to union */ union test_case_structure tc; - memcpy(&tc, test_case, sizeof(tc)); + rte_memcpy(&tc, test_case.address, RTE_MIN(sizeof(tc), test_case.vector_size)); if (tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX || tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) { @@ -572,7 +576,8 @@ load_test_vectors(void) "TEST_VECTOR_SIZE too small\n"); return -1; } - test_vector.address[test_vector.size] = &modex_test_case[i]; + test_vector.details[test_vector.size].address = &modex_test_case[i]; + test_vector.details[test_vector.size].vector_size = sizeof(modex_test_case[i]); test_vector.size++; } /* Load MODINV vector*/ @@ -583,7 +588,8 @@ load_test_vectors(void) "TEST_VECTOR_SIZE too small\n"); return -1; } - test_vector.address[test_vector.size] = &modinv_test_case[i]; + test_vector.details[test_vector.size].address = &modinv_test_case[i]; + test_vector.details[test_vector.size].vector_size = sizeof(modinv_test_case[i]); test_vector.size++; } /* Load RSA vector*/ @@ -594,7 +600,8 @@ load_test_vectors(void) "TEST_VECTOR_SIZE too small\n"); return -1; } - test_vector.address[test_vector.size] = &rsa_test_case_list[i]; + test_vector.details[test_vector.size].address = &rsa_test_case_list[i]; + test_vector.details[test_vector.size].vector_size = sizeof(rsa_test_case_list[i]); test_vector.size++; } return 0; @@ -619,12 +626,12 @@ test_one_by_one(void) /* Go through all test cases */ test_index = 0; for (i = 0; i < test_vector.size; i++) { - if (test_one_case(test_vector.address[i], 0) != TEST_SUCCESS) + if (test_one_case(test_vector.details[i], 0) != TEST_SUCCESS) status = TEST_FAILED; } if (sessionless) { for (i = 0; i < test_vector.size; i++) { - if (test_one_case(test_vector.address[i], 1) + if (test_one_case(test_vector.details[i], 1) != TEST_SUCCESS) status = TEST_FAILED; } -- 2.25.1