patch 'crypto/ipsec_mb: fix buffer overrun' has been queued to stable release 21.11.1

Kevin Traynor ktraynor at redhat.com
Mon Feb 21 16:36:17 CET 2022

Previous message (by thread): patch 'crypto/ipsec_mb: fix premature dereference' has been queued to stable release 21.11.1
Next message (by thread): patch 'crypto/qat: fix GEN4 AEAD job in raw data path' has been queued to stable release 21.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 21.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/26/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/98ec92641b262818a0df3833050de871efb91acf

Thanks.

Kevin

---
>From 98ec92641b262818a0df3833050de871efb91acf Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Thu, 20 Jan 2022 17:04:55 +0000
Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun

[ upstream commit 4582f79c7bd06ff99c0b82b6995c37edda156fea ]

Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.

Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Acked-by: Ciara Power <ciara.power at intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d37cc787a0..d177961ea5 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -849,5 +849,5 @@ struct aesni_mb_session {
 			struct gcm_key_data gcm_key;
 			/* *< Expanded GCM key */
-			uint8_t zuc_cipher_key[16];
+			uint8_t zuc_cipher_key[32];
 			/* *< ZUC cipher key */
 			snow3g_key_schedule_t pKeySched_snow3g_cipher;
@@ -894,5 +894,5 @@ struct aesni_mb_session {
 			} cmac;
 			/* *< Expanded XCBC authentication keys */
-			uint8_t zuc_auth_key[16];
+			uint8_t zuc_auth_key[32];
 			/* *< ZUC authentication key */
 			snow3g_key_schedule_t pKeySched_snow3g_auth;
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-02-21 15:22:48.610151030 +0000
+++ 0188-crypto-ipsec_mb-fix-buffer-overrun.patch	2022-02-21 15:22:44.374704764 +0000
@@ -1 +1 @@
-From 4582f79c7bd06ff99c0b82b6995c37edda156fea Mon Sep 17 00:00:00 2001
+From 98ec92641b262818a0df3833050de871efb91acf Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4582f79c7bd06ff99c0b82b6995c37edda156fea ]
+
@@ -14 +15,0 @@
-Cc: stable at dpdk.org

Previous message (by thread): patch 'crypto/ipsec_mb: fix premature dereference' has been queued to stable release 21.11.1
Next message (by thread): patch 'crypto/qat: fix GEN4 AEAD job in raw data path' has been queued to stable release 21.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list