diff mbox series

app: fix buffer overrun

Message ID	20210921132125.6109-1-przemyslawx.zegan@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Przemyslaw Zegan <przemyslawx.zegan@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Przemyslaw Zegan <przemyslawx.zegan@intel.com>, pbhagavatula@marvell.com Date: Tue, 21 Sep 2021 14:21:25 +0100 Message-Id: <20210921132125.6109-1-przemyslawx.zegan@intel.com> Subject: [dpdk-dev] [PATCH] app: fix buffer overrun Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	app: fix buffer overrun \| app: fix buffer overrun

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	fail	Performance Testing issues
ci/iol-mellanox-Functional	fail	Functional Testing issues
ci/iol-broadcom-Functional	fail	Functional Testing issues
ci/iol-x86_64-compile-testing	success	Testing PASS

Commit Message

Przemyslaw Zegan Sept. 21, 2021, 1:21 p.m. UTC

  This patch fixes a possible buffer overrun problem in crypto perf test.
Previously when user configured aad size is over 12 bytes the copy of template aad will cause a buffer overrun.
The problem is fixed by only copy up to 12 bytes of aad template.

Fixes: 761a321acf91 ("event/cnxk: support vectorized Tx event fast path" )
Cc: pbhagavatula@marvell.com

Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
---
 app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Pavan Nikhilesh Bhagavatula Sept. 21, 2021, 2:41 p.m. UTC | #1

>This patch fixes a possible buffer overrun problem in crypto perf test.
>Previously when user configured aad size is over 12 bytes the copy of
>template aad will cause a buffer overrun.
>The problem is fixed by only copy up to 12 bytes of aad template.
>
>Fixes: 761a321acf91 ("event/cnxk: support vectorized Tx event fast
>path" )
>Cc: pbhagavatula@marvell.com
>

I don't see how the above mentioned patch is related to test-crypto-perf.
Could you please recheck?

>Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
>---
> app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
>diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-
>crypto-perf/cperf_test_vectors.c
>index 0af01ff911..2c7e314ec8 100644
>--- a/app/test-crypto-perf/cperf_test_vectors.c
>+++ b/app/test-crypto-perf/cperf_test_vectors.c
>@@ -548,12 +548,16 @@ cperf_test_vector_get_dummy(struct
>cperf_options *options)
> 		t_vec->aead_key.data = aead_key;
>
> 		if (options->aead_aad_sz) {
>-			t_vec->aad.data = rte_malloc(NULL,
>+			t_vec->aad.data = rte_zmalloc(NULL,
> 					options->aead_aad_sz, 16);
> 			if (t_vec->aad.data == NULL) {
> 				rte_free(t_vec);
> 				return NULL;
> 			}
>+
>+			if(options->aead_aad_sz > 12)
>+				options->aead_aad_sz = 12;
>+
> 			memcpy(t_vec->aad.data, aad, options-
>>aead_aad_sz);
> 			t_vec->aad.phys_addr =
>rte_malloc_virt2iova(t_vec->aad.data);
> 			t_vec->aad.length = options->aead_aad_sz;
>--
>2.17.1
>
>--------------------------------------------------------------
>Intel Research and Development Ireland Limited
>Registered in Ireland
>Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
>Registered Number: 308263
>
>
>This e-mail and any attachments may contain confidential material for
>the sole
>use of the intended recipient(s). Any review or distribution by others is
>strictly prohibited. If you are not the intended recipient, please contact
>the
>sender and delete all copies.

diff mbox series

Patch

diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 0af01ff911..2c7e314ec8 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -548,12 +548,16 @@  cperf_test_vector_get_dummy(struct cperf_options *options)
 		t_vec->aead_key.data = aead_key;
 
 		if (options->aead_aad_sz) {
-			t_vec->aad.data = rte_malloc(NULL,
+			t_vec->aad.data = rte_zmalloc(NULL,
 					options->aead_aad_sz, 16);
 			if (t_vec->aad.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
+
+			if(options->aead_aad_sz > 12)
+				options->aead_aad_sz = 12;
+
 			memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
 			t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec->aad.data);
 			t_vec->aad.length = options->aead_aad_sz;