File 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch of Package dpdk.19290
From b485f950c85374f4969c5fa380b574b34622df91 Mon Sep 17 00:00:00 2001
From: Fan Zhang <roy.fan.zhang@intel.com>
Date: Tue, 14 Apr 2020 16:52:47 +0100
Subject: [PATCH 2/6] vhost/crypto: fix incorrect descriptor deduction
This patch fixes the incorrect descriptor deduction for vhost crypto.
CVE-2020-14378
Fixes: 16d2e718b8ce ("vhost/crypto: fix possible out of bound access")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
---
lib/librte_vhost/vhost_crypto.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
index 0f9df4059..86747dd5f 100644
--- a/lib/librte_vhost/vhost_crypto.c
+++ b/lib/librte_vhost/vhost_crypto.c
@@ -530,13 +530,14 @@ move_desc(struct vring_desc *head, struct vring_desc **cur_desc,
int left = size - desc->len;
while ((desc->flags & VRING_DESC_F_NEXT) && left > 0) {
- (*nb_descs)--;
if (unlikely(*nb_descs == 0 || desc->next >= vq_size))
return -1;
desc = &head[desc->next];
rte_prefetch0(&head[desc->next]);
left -= desc->len;
+ if (left > 0)
+ (*nb_descs)--;
}
if (unlikely(left > 0))
--
2.26.2