Skip to content

Commit

Permalink
examples/ipsec-secgw: fix partial overflow
Browse files Browse the repository at this point in the history 
[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
  • Loading branch information
@bdoole1 @bluca
bdoole1 authored and bluca committed Nov 23, 2023
1 parent 7db4cec commit b7030fd
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions examples/ipsec-secgw/ipsec.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,11 +224,18 @@ struct ipsec_ctx {
uint64_t ipv6_offloads;
};

/*
* This structure is used for the key in hash table.
* Padding is to force the struct to use 8 bytes,
* to ensure memory is not read past this structs boundary
* (hash key calculation reads 8 bytes if this struct is size 5 bytes).
*/
struct cdev_key {
uint16_t lcore_id;
uint8_t cipher_algo;
uint8_t auth_algo;
uint8_t aead_algo;
uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
};

struct socket_ctx {
Expand Down

0 comments on commit b7030fd

Please sign in to comment.