patch 'crypto/openssl: fix potential string overflow' has been queued to stable release 22.11.7

luca.boccassi at gmail.com luca.boccassi at gmail.com
Tue Nov 12 23:07:48 CET 2024

Previous message (by thread): patch 'baseband/acc: fix ring memory allocation' has been queued to stable release 22.11.7
Next message (by thread): patch 'test/crypto: fix synchronous API calls' has been queued to stable release 22.11.7
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/14/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/ed2eb5bc8104fdf561f2a547eeb93872e0e057f2

Thanks.

Luca Boccassi

---
>From ed2eb5bc8104fdf561f2a547eeb93872e0e057f2 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Thu, 17 Oct 2024 09:07:53 -0700
Subject: [PATCH] crypto/openssl: fix potential string overflow

[ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ]

The algorithm name is a string and should be copied with strlcpy()
rather than rte_memcpy(). This fixes a warning detected with
clang and ASAN.

Bugzilla ID: 1565
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0d4c84c18b..7eaa9650b6 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -676,7 +676,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		else
 			return -EINVAL;
 
-		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		strlcpy(algo_name, algo, sizeof(algo_name));
 		params[0] = OSSL_PARAM_construct_utf8_string(
 				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
 		params[1] = OSSL_PARAM_construct_end();
-- 
2.45.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-11-12 22:06:59.873071652 +0000
+++ 0038-crypto-openssl-fix-potential-string-overflow.patch	2024-11-12 22:06:58.687307516 +0000
@@ -1 +1 @@
-From c5819b0d96d1a24c25aa4324913fd2566eb19ae9 Mon Sep 17 00:00:00 2001
+From ed2eb5bc8104fdf561f2a547eeb93872e0e057f2 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit c5819b0d96d1a24c25aa4324913fd2566eb19ae9 ]
+
@@ -12 +13,0 @@
-Cc: stable at dpdk.org
@@ -20 +21 @@
-index 0616383921..b2442c7ebf 100644
+index 0d4c84c18b..7eaa9650b6 100644
@@ -23 +24 @@
-@@ -677,7 +677,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
+@@ -676,7 +676,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,

Previous message (by thread): patch 'baseband/acc: fix ring memory allocation' has been queued to stable release 22.11.7
Next message (by thread): patch 'test/crypto: fix synchronous API calls' has been queued to stable release 22.11.7
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list