vhost/crypto: fix descriptor deduction

This patch fixes the incorrect descriptor deduction for vhost crypto.

CVE-2020-14378
Fixes: 16d2e718b8ce ("vhost/crypto: fix possible out of bound access")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>

diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
index 0f9df40..86747dd 100644 (file)
--- a/lib/librte_vhost/vhost_crypto.c
+++ b/lib/librte_vhost/vhost_crypto.c
@@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc,
        int left = size - desc->len;
 
        while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) {
-               (*nb_descs)--;
                if (unlikely(*nb_descs == 0 || desc->next >= vq_size))
                        return -1;
 
                desc = &head[desc->next];
                rte_prefetch0(&head[desc->next]);
                left -= desc->len;
+               if (left > 0)
+                       (*nb_descs)--;
        }
 
        if (unlikely(left > 0))