vhost/crypto: fix possible TOCTOU attack
authorFan Zhang <roy.fan.zhang@intel.com>
Mon, 28 Sep 2020 10:59:18 +0000 (11:59 +0100)
committerThomas Monjalon <thomas@monjalon.net>
Mon, 28 Sep 2020 11:19:13 +0000 (13:19 +0200)
commit2d962bb73652149cf3d839212180c69b7c52faf2
tree5e195a359f6efb92ca211f3610fa1786aea49155
parente15b7c01120eccae3b0f14b80ef0ee439beb3221
vhost/crypto: fix possible TOCTOU attack

This patch fixes the possible time-of-check to time-of-use (TOCTOU)
attack problem by copying request data and descriptor index to local
variable prior to process.

Also the original sequential read of descriptors may lead to TOCTOU
attack. This patch fixes the problem by loading all descriptors of a
request to local buffer before processing.

CVE-2020-14375
Fixes: 3bb595ecd682 ("vhost/crypto: add request handler")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
lib/librte_vhost/rte_vhost_crypto.h
lib/librte_vhost/vhost_crypto.c