Message ID | 20190317090948.38023-1-liq3ea@163.com |
---|---|
State | New |
Series | cryptodev-vhost-user: fix a oob access |
Hi, > -----Original Message----- > From: Li Qiang [mailto:liq3ea@163.com] > Sent: Sunday, March 17, 2019 5:10 PM > To: Gonglei (Arei) <arei.gonglei@huawei.com> > Cc: qemu-devel@nongnu.org; Li Qiang <liq3ea@163.com> > Subject: [PATCH] cryptodev-vhost-user: fix a oob access > > The 'queue_index' of create/close_session function > is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'. > This leads oob access. This patch avoid this. > > Signed-off-by: Li Qiang <liq3ea@163.com> > --- > backends/cryptodev-vhost-user.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c > index 1052a5d0e9..36a40eeb4d 100644 > --- a/backends/cryptodev-vhost-user.c > +++ b/backends/cryptodev-vhost-user.c > @@ -236,6 +236,8 @@ static int64_t > cryptodev_vhost_user_sym_create_session( > CryptoDevBackendSymSessionInfo *sess_info, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendClient *cc = > backend->conf.peers.ccs[queue_index]; > CryptoDevBackendVhost *vhost_crypto; > @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( > uint64_t session_id, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendClient *cc = > backend->conf.peers.ccs[queue_index]; > CryptoDevBackendVhost *vhost_crypto; > -- > 2.17.1 > Pls add an assertion for cryptodev-builtin backend though the queue_index isn't used currently. Thanks, -Gonglei
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index 1052a5d0e9..36a40eeb4d 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc = backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc = backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto;
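Review bot: In the first hunk, cryptodev_vhost_user_sym_create_session(), the new assert(queue_index < MAX_CRYPTO_QUEUE_NUM) is applied to a value the commit message says comes from the guest, so an out-of-range index now aborts the whole process instead of being rejected, and in a build with assertions compiled out the check disappears and the ccs[queue_index] read is unguarded again. The function already takes Error **errp, so consider failing the request instead: when queue_index >= MAX_CRYPTO_QUEUE_NUM, set an error with error_setg(errp, ...) and return the function's failure value.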
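Review bot: In the second hunk, cryptodev_vhost_user_sym_close_session(), the assert is placed ahead of the declarations of cc and vhost_crypto, which mixes a statement with the declarations at the top of the block (the create hunk has the same placement). Moving the assert below the declarations unchanged would put the backend->conf.peers.ccs[queue_index] initializer ahead of the check, so declare cc without the initializer, do the bounds check, then assign. Since the identical check now appears in both functions, and the reply asks for it in the cryptodev-builtin backend as well, a small shared helper would keep the three sites consistent.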
The 'queue_index' of the create/close_session functions is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'. This leads to OOB access. This patch avoids this.

Signed-off-by: Li Qiang <liq3ea@163.com>

---
backends/cryptodev-vhost-user.c | 4 ++++
1 file changed, 4 insertions(+)