From b7030fdd80bc8f64af4d5ec43c89f1658e1b49ce Mon Sep 17 00:00:00 2001
From: Brian Dooley <brian.dooley@intel.com>
Date: Wed, 15 Nov 2023 12:31:01 +0000
Subject: [PATCH] examples/ipsec-secgw: fix partial overflow

[ upstream commit ae9267a67e9030c1b069b0df69924aaca17683bb ]

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 examples/ipsec-secgw/ipsec.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 7031e28c46..19d94519b1 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -224,11 +224,18 @@ struct ipsec_ctx {
 	uint64_t ipv6_offloads;
 };
 
+/*
+ * This structure is used for the key in hash table.
+ * Padding is to force the struct to use 8 bytes,
+ * to ensure memory is not read past this structs boundary
+ * (hash key calculation reads 8 bytes if this struct is size 5 bytes).
+ */
 struct cdev_key {
 	uint16_t lcore_id;
 	uint8_t cipher_algo;
 	uint8_t auth_algo;
 	uint8_t aead_algo;
+	uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
 };
 
 struct socket_ctx {