[PATCH] examples/ipsec-secgw: fix partial overflow
Brian Dooley
brian.dooley at intel.com
Wed Nov 15 13:31:01 CET 2023
Case of partial overflow detected with ASan. Added extra padding
to cdev_key structure.
This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: sergio.gonzalez.monroy at intel.com
Cc: stable at dpdk.org
Signed-off-by: Brian Dooley <brian.dooley at intel.com>
---
examples/ipsec-secgw/ipsec.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 5059418456..10e7fc179b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -249,11 +249,21 @@ struct offloads {
extern struct offloads tx_offloads;
+/*
+ * This structure is used for the key in hash table.
+ * Padding is added to force the struct to use 8 bytes,
+ * to ensure memory is notread past this structs boundary
+ * (the hash key calculation reads 8 bytes if this struct is size 5 bytes).
+ * The padding should be zeroed.
+ * If fields are modified in this struct, the padding must be updated to
+ * ensure multiple of 8 bytes size overall.
+ */
struct cdev_key {
uint16_t lcore_id;
uint8_t cipher_algo;
uint8_t auth_algo;
uint8_t aead_algo;
+ uint8_t padding[3];
};
struct socket_ctx {
--
2.25.1
More information about the stable
mailing list