patch 'crypto/openssl: fix potential string overflow' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Sat Dec 7 09:00:03 CET 2024

Previous message (by thread): patch 'baseband/acc: fix ring memory allocation' has been queued to stable release 23.11.3
Next message (by thread): patch 'test/crypto: fix synchronous API calls' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/10/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=5bda3f3b964cf700d81e203fa3a7fac459b26c60

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 5bda3f3b964cf700d81e203fa3a7fac459b26c60 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Thu, 17 Oct 2024 09:07:53 -0700
Subject: [PATCH] crypto/openssl: fix potential string overflow
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ]

The algorithm name is a string and should be copied with strlcpy()
rather than rte_memcpy(). This fixes a warning detected with
clang and ASAN.

Bugzilla ID: 1565
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7538ae2953..017e74e765 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -677,7 +677,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		else
 			return -EINVAL;

-		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		strlcpy(algo_name, algo, sizeof(algo_name));
 		params[0] = OSSL_PARAM_construct_utf8_string(
 				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
 		params[1] = OSSL_PARAM_construct_end();
--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-12-06 23:26:45.597487009 +0800
+++ 0045-crypto-openssl-fix-potential-string-overflow.patch	2024-12-06 23:26:43.943044828 +0800
@@ -1 +1 @@
-From c5819b0d96d1a24c25aa4324913fd2566eb19ae9 Mon Sep 17 00:00:00 2001
+From 5bda3f3b964cf700d81e203fa3a7fac459b26c60 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ]
@@ -12 +14,0 @@
-Cc: stable at dpdk.org
@@ -20 +22 @@
-index 0616383921..b2442c7ebf 100644
+index 7538ae2953..017e74e765 100644

Previous message (by thread): patch 'baseband/acc: fix ring memory allocation' has been queued to stable release 23.11.3
Next message (by thread): patch 'test/crypto: fix synchronous API calls' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list