git.droids-corp.org - dpdk.git/commit

author	Fan Zhang <roy.fan.zhang@intel.com>
	Mon, 28 Sep 2020 10:59:18 +0000 (11:59 +0100)
committer	Thomas Monjalon <thomas@monjalon.net>
	Mon, 28 Sep 2020 11:19:13 +0000 (13:19 +0200)
commit	2d962bb73652149cf3d839212180c69b7c52faf2
tree	5e195a359f6efb92ca211f3610fa1786aea49155	tree \| snapshot
parent	e15b7c01120eccae3b0f14b80ef0ee439beb3221	commit \| diff

vhost/crypto: fix possible TOCTOU attack

This patch fixes the possible time-of-check to time-of-use (TOCTOU)
attack problem by copying request data and descriptor index to local
variable prior to process.

Also the original sequential read of descriptors may lead to TOCTOU
attack. This patch fixes the problem by loading all descriptors of a
request to local buffer before processing.

CVE-2020-14375
Fixes: 3bb595ecd682 ("vhost/crypto: add request handler")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>

lib/librte_vhost/rte_vhost_crypto.h		diff \| blob \| history
lib/librte_vhost/vhost_crypto.c		diff \| blob \| history