[v2] app: fix buffer overrun
Checks
Commit Message
This patch fixes a possible buffer overrun problem in crypto perf test.
Previously when user configured aad size is over 12 bytes the copy of template aad will cause a buffer overrun.
The problem is fixed by only copy up to 12 bytes of aad template.
Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
Cc: pablo.de.lara.guarch@intel.com
Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
---
v2:
- changed to correct fixed line.
app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Comments
> This patch fixes a possible buffer overrun problem in crypto perf test.
> Previously when user configured aad size is over 12 bytes the copy of
> template aad will cause a buffer overrun.
> The problem is fixed by only copy up to 12 bytes of aad template.
>
> Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
> Cc: pablo.de.lara.guarch@intel.com
>
> Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
> ---
> v2:
> - changed to correct fixed line.
>
> app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-
> perf/cperf_test_vectors.c
> index 0af01ff911..2c7e314ec8 100644
> --- a/app/test-crypto-perf/cperf_test_vectors.c
> +++ b/app/test-crypto-perf/cperf_test_vectors.c
> @@ -548,12 +548,16 @@ cperf_test_vector_get_dummy(struct
> cperf_options *options)
> t_vec->aead_key.data = aead_key;
>
> if (options->aead_aad_sz) {
> - t_vec->aad.data = rte_malloc(NULL,
> + t_vec->aad.data = rte_zmalloc(NULL,
> options->aead_aad_sz, 16);
> if (t_vec->aad.data == NULL) {
> rte_free(t_vec);
> return NULL;
> }
> +
> + if(options->aead_aad_sz > 12)
> + options->aead_aad_sz = 12;
Instead of hardcoding, shouldn't this be sizeof(aad)
> +
> memcpy(t_vec->aad.data, aad, options-
> >aead_aad_sz);
> t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec-
> >aad.data);
> t_vec->aad.length = options->aead_aad_sz;
> --
> 2.17.1
>
> --------------------------------------------------------------
> Intel Research and Development Ireland Limited
> Registered in Ireland
> Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
> Registered Number: 308263
>
>
> This e-mail and any attachments may contain confidential material for the
> sole
> use of the intended recipient(s). Any review or distribution by others is
> strictly prohibited. If you are not the intended recipient, please contact the
> sender and delete all copies.
@@ -548,12 +548,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
t_vec->aead_key.data = aead_key;
if (options->aead_aad_sz) {
- t_vec->aad.data = rte_malloc(NULL,
+ t_vec->aad.data = rte_zmalloc(NULL,
options->aead_aad_sz, 16);
if (t_vec->aad.data == NULL) {
rte_free(t_vec);
return NULL;
}
+
+ if(options->aead_aad_sz > 12)
+ options->aead_aad_sz = 12;
+
memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec->aad.data);
t_vec->aad.length = options->aead_aad_sz;