git.droids-corp.org / dpdk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c78d941) | patch
vhost/crypto: validate keys lengths
authorMaxime Coquelin <maxime.coquelin@redhat.com>
Mon, 18 May 2020 13:17:01 +0000 (14:17 +0100)
committerDavid Marchand <david.marchand@redhat.com>
Mon, 18 May 2020 13:22:34 +0000 (15:22 +0200)
commitacd4c92fa693bbea695f2bb42bb93fb8567c3ca5
treef31c4b439ca6349d3b4b40f00c28c3f35c28501ctree | snapshot
parentc78d94189dced04def987a17f16097fcb197a186commit | diff
vhost/crypto: validate keys lengths

transform_cipher_param() and transform_chain_param() handle
the payload data for the VHOST_USER_CRYPTO_CREATE_SESS
message. These payloads have to be validated, since it
could come from untrusted sources.

Two buffers and their lengths are defined in this payload,
one the the auth key and one for the cipher key. But above
functions do not validate the key length inputs, which could
lead to read out of bounds, as buffers have static sizes of
64 bytes for the cipher key and 512 bytes for the auth key.

This patch adds necessary checks on the key length field
before being used.

CVE-2020-10724
Fixes: e80a98708166 ("vhost/crypto: add session message handler")
Cc: stable@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
lib/librte_vhost/vhost_crypto.c diff | blob | history
DPDK repo used for reviews