From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7122B45C9B for ; Tue, 12 Nov 2024 23:10:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6C9684064C; Tue, 12 Nov 2024 23:10:17 +0100 (CET) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mails.dpdk.org (Postfix) with ESMTP id 217F04064C for ; Tue, 12 Nov 2024 23:10:16 +0100 (CET) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-4319399a411so59047435e9.2 for ; Tue, 12 Nov 2024 14:10:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731449416; x=1732054216; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SnSoPZPD1ATyjExM/OtohlHT1PT6jDmS1GfzlR+Zi+o=; b=GunMxpeWf43IXLlmnoq8WuKlI2JNte18+3315F1SONQLS63X0Ck3BPNJhjP8nACJyB QPJtnqgqbI0Y77xDIM9b6raNkYWRKsDuwFD+6FblozRu90iAACA6+oZ8Q+KYS4Fz2thJ mgRwa6ujwlzH8O+Aesazr4C/4geiLhvdyrfkKk+v1CUgr9Ivz3sOWEQm6UGbP4KHyCYC INZinnciyCEZtTdlpnRcqCFRJiILyumUQTeNzSgVbMKaSYhUKkQqscceQ2YIlhqP65+p MgWGlL1r76tDZiXgSdnhSG5tSK3lxpMSkR6RRRXgcjEvDbnzwPDVT/SS8HPexIC9VgB3 gqzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731449416; x=1732054216; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SnSoPZPD1ATyjExM/OtohlHT1PT6jDmS1GfzlR+Zi+o=; b=QD1K33pQEp/RFXoSSvMistGMsFQHL0H9bFoaqh0jh4Ezow9I5cT6h0Qql0VGDsce8F D1jOk1ZggQcETp1Zp12dxWmVOxxyzJif6WML2l9MtU9N4pSYP0Xy2AAPRgWnrQUJnLxs ElgqxLVxhq1ljqJ+mzWE4WErIV1I8izA0+q5cUlzXqXnf4mzK1DlRFglXrM0tVsol6RE fdz4Kwb5tzkqkFRuKv9e5uthspgCDBr8Me4QjO3aV9MiBJr0M5hCGxSVlf5L5ytT2A96 c0Z0OrGhuzOO4I4kKo9eMjoidBSNvyCubyZ+QzfGkspJVmeyzxrpJzhz+a79RKZFCQox a/rg== X-Gm-Message-State: AOJu0YypZ6PvSxow07kPHJuqHGuUw2SbkgYFUJxs+j3oZWgljHOZmNih 9KYrkXCu0bB0boSv/tbCb1oMGPqbG06BYiGFRbgB1ZWBMTOf2hwYnJtZIw== X-Google-Smtp-Source: AGHT+IHQwhG2TcT1pPq1Nrs3HUmoClt8mryqr/2rzP/RsbPRetoU1mBKLa1NqLX1dD8IUC1uzCQvQg== X-Received: by 2002:a05:6000:144a:b0:37d:53a7:a635 with SMTP id ffacd0b85a97d-381f188c79dmr13499628f8f.51.1731449415617; Tue, 12 Nov 2024 14:10:15 -0800 (PST) Received: from localhost ([2a01:4b00:d036:ae00:e89d:e9a1:da72:2f9d]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-381eda04ceasm16189876f8f.102.2024.11.12.14.10.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Nov 2024 14:10:15 -0800 (PST) From: luca.boccassi@gmail.com To: Stephen Hemminger Cc: dpdk stable Subject: patch 'crypto/openssl: fix potential string overflow' has been queued to stable release 22.11.7 Date: Tue, 12 Nov 2024 22:07:48 +0000 Message-ID: <20241112220754.666489-38-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241112220754.666489-1-luca.boccassi@gmail.com> References: <20241023211704.1216956-79-luca.boccassi@gmail.com> <20241112220754.666489-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 22.11.7 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/14/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/ed2eb5bc8104fdf561f2a547eeb93872e0e057f2 Thanks. Luca Boccassi --- >From ed2eb5bc8104fdf561f2a547eeb93872e0e057f2 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 17 Oct 2024 09:07:53 -0700 Subject: [PATCH] crypto/openssl: fix potential string overflow [ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ] The algorithm name is a string and should be copied with strlcpy() rather than rte_memcpy(). This fixes a warning detected with clang and ASAN. Bugzilla ID: 1565 Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations") Signed-off-by: Stephen Hemminger --- drivers/crypto/openssl/rte_openssl_pmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 0d4c84c18b..7eaa9650b6 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -676,7 +676,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, else return -EINVAL; - rte_memcpy(algo_name, algo, strlen(algo) + 1); + strlcpy(algo_name, algo, sizeof(algo_name)); params[0] = OSSL_PARAM_construct_utf8_string( OSSL_MAC_PARAM_CIPHER, algo_name, 0); params[1] = OSSL_PARAM_construct_end(); -- 2.45.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-11-12 22:06:59.873071652 +0000 +++ 0038-crypto-openssl-fix-potential-string-overflow.patch 2024-11-12 22:06:58.687307516 +0000 @@ -1 +1 @@ -From c5819b0d96d1a24c25aa4324913fd2566eb19ae9 Mon Sep 17 00:00:00 2001 +From ed2eb5bc8104fdf561f2a547eeb93872e0e057f2 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ] + @@ -12 +13,0 @@ -Cc: stable@dpdk.org @@ -20 +21 @@ -index 0616383921..b2442c7ebf 100644 +index 0d4c84c18b..7eaa9650b6 100644 @@ -23 +24 @@ -@@ -677,7 +677,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, +@@ -676,7 +676,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,