[v4] app: fix buffer overrun
Checks
Commit Message
This patch fixes a possible buffer overrun problem in crypto perf test.
Previously when user configured aad size is over 12 bytes the copy of template aad will cause a buffer overrun.
The problem is fixed by only copy up to 12 bytes of aad template.
Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
Cc: pablo.de.lara.guarch@intel.com
Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
v4:
- rebased on top of latest master
v3:
- replaced hardcoded values by sizeof(aad)
v2:
- changed to correct fixed line.
app/test-crypto-perf/cperf_test_vectors.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
> This patch fixes a possible buffer overrun problem in crypto perf test.
> Previously when user configured aad size is over 12 bytes the copy of
> template aad will cause a buffer overrun.
> The problem is fixed by only copy up to 12 bytes of aad template.
>
> Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
> Cc: pablo.de.lara.guarch@intel.com
>
> Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Applied to dpdk-next-crypto
> > This patch fixes a possible buffer overrun problem in crypto perf test.
> > Previously when user configured aad size is over 12 bytes the copy of
> > template aad will cause a buffer overrun.
> > The problem is fixed by only copy up to 12 bytes of aad template.
> >
> > Fixes: 8a5b494a7f99 ("app/test-crypto-perf: add AEAD parameters")
> > Cc: pablo.de.lara.guarch@intel.com
> >
> > Signed-off-by: Przemyslaw Zegan <przemyslawx.zegan@intel.com>
> > Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> Applied to dpdk-next-crypto
Cc: stable@dpdk.org
@@ -590,6 +590,10 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
rte_free(t_vec);
return NULL;
}
+
+ if(options->aead_aad_sz > sizeof(aad))
+ options->aead_aad_sz = sizeof(aad);
+
memcpy(t_vec->aad.data, aad, options->aead_aad_sz);
t_vec->aad.phys_addr = rte_malloc_virt2iova(t_vec->aad.data);
t_vec->aad.length = options->aead_aad_sz;