From 5677e68c05d8b205b121e8f54f3eab61990b77eb Mon Sep 17 00:00:00 2001 From: Fan Zhang Date: Mon, 28 Sep 2020 11:59:14 +0100 Subject: [PATCH] vhost/crypto: fix descriptor deduction This patch fixes the incorrect descriptor deduction for vhost crypto. CVE-2020-14378 Fixes: 16d2e718b8ce ("vhost/crypto: fix possible out of bound access") Cc: stable@dpdk.org Signed-off-by: Fan Zhang Acked-by: Chenbo Xia --- lib/librte_vhost/vhost_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c index 0f9df4059d..86747dd5f3 100644 --- a/lib/librte_vhost/vhost_crypto.c +++ b/lib/librte_vhost/vhost_crypto.c @@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc, int left = size - desc->len; while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) { - (*nb_descs)--; if (unlikely(*nb_descs == 0 || desc->next >= vq_size)) return -1; desc = &head[desc->next]; rte_prefetch0(&head[desc->next]); left -= desc->len; + if (left > 0) + (*nb_descs)--; } if (unlikely(left > 0)) -- 2.20.1