diff mbox series

[v2] app: fix buffer overrun

Message ID 20210922101511.10395-1-przemyslawx.zegan@intel.com (mailing list archive)
State Changes Requested
Delegated to: akhil goyal
Headers show
Series [v2] app: fix buffer overrun | expand

Checks

Context Check Description
ci/github-robot: build success github build: passed
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-mellanox-Functional fail Functional Testing issues
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-broadcom-Functional fail Functional Testing issues
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/checkpatch warning coding style issues

Commit Message

Przemyslaw Zegan Sept. 22, 2021, 10:15 a.m. UTC
This patch fixes a possible buffer overrun problem in crypto perf test.
Previously when user configured aad size is over 12 bytes the copy of template aad will cause a buffer overrun.
The problem is fixed by only copy up to 12 bytes of aad template.

Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
Cc: pablo.de.lara.guarch@intel.com

Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
---
v2:
- changed to correct fixed line.

 app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Akhil Goyal Oct. 5, 2021, 2:45 p.m. UTC | #1
> This patch fixes a possible buffer overrun problem in crypto perf test.
> Previously when user configured aad size is over 12 bytes the copy of
> template aad will cause a buffer overrun.
> The problem is fixed by only copy up to 12 bytes of aad template.
> 
> Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
> Cc: pablo.de.lara.guarch@intel.com
> 
> Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
> ---
> v2:
> - changed to correct fixed line.
> 
>  app/test-crypto-perf/cperf_test_vectors.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-
> perf/cperf_test_vectors.c
> index 0af01ff911..2c7e314ec8 100644
> --- a/app/test-crypto-perf/cperf_test_vectors.c
> +++ b/app/test-crypto-perf/cperf_test_vectors.c
> @@ -548,12 +548,16 @@ cperf_test_vector_get_dummy(struct
> cperf_options *options)
>  		t_vec->aead_key.data = aead_key;
> 
>  		if (options->aead_aad_sz) {
> -			t_vec->aad.data = rte_malloc(NULL,
> +			t_vec->aad.data = rte_zmalloc(NULL,
>  					options->aead_aad_sz, 16);
>  			if (t_vec->aad.data == NULL) {
>  				rte_free(t_vec);
>  				return NULL;
>  			}
> +
> +			if(options->aead_aad_sz > 12)
> +				options->aead_aad_sz = 12;

Instead of hardcoding, shouldn't this be sizeof(aad)

> +
>  			memcpy(t_vec->aad.data, aad, options-
> >aead_aad_sz);
>  			t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec-
> >aad.data);
>  			t_vec->aad.length = options->aead_aad_sz;
> --
> 2.17.1
> 
> --------------------------------------------------------------
> Intel Research and Development Ireland Limited
> Registered in Ireland
> Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
> Registered Number: 308263
> 
> 
> This e-mail and any attachments may contain confidential material for the
> sole
> use of the intended recipient(s). Any review or distribution by others is
> strictly prohibited. If you are not the intended recipient, please contact the
> sender and delete all copies.
diff mbox series

Patch

diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
index 0af01ff911..2c7e314ec8 100644
--- a/app/test-crypto-perf/cperf_test_vectors.c
+++ b/app/test-crypto-perf/cperf_test_vectors.c
@@ -548,12 +548,16 @@  cperf_test_vector_get_dummy(struct cperf_options *options)
 		t_vec->aead_key.data = aead_key;
 
 		if (options->aead_aad_sz) {
-			t_vec->aad.data = rte_malloc(NULL,
+			t_vec->aad.data = rte_zmalloc(NULL,
 					options->aead_aad_sz, 16);
 			if (t_vec->aad.data == NULL) {
 				rte_free(t_vec);
 				return NULL;
 			}
+
+			if(options->aead_aad_sz > 12)
+				options->aead_aad_sz = 12;
+
 			memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
 			t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec->aad.data);
 			t_vec->aad.length = options->aead_aad_sz;