[Medium] Patch ceph for CVE-2020-10724

microsoft · Feb 5, 2025 · bcae7ce · bcae7ce
1 parent 27292f7
commit bcae7ce
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/SPECS/ceph/CVE-2020-10724.patch b/SPECS/ceph/CVE-2020-10724.patch
@@ -0,0 +1,55 @@
+From 57c19156f1c7075d2b27f48d62cedc3992811c2b Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Wed, 5 Feb 2025 12:55:00 -0800
+Subject: [PATCH] [Medium] Patch ceph for CVE-2020-10724
+
+Link: https://git.dpdk.org/dpdk/patch/?id=acd4c92fa693bbea695f2bb42bb93fb8567c3ca5
+---
+ .../dpdk/lib/librte_vhost/vhost_crypto.c        | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+index 0edf12d52..9d569fcc5 100644
+--- a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+@@ -246,6 +246,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform,
+ 	if (unlikely(ret < 0))
+ 		return ret;
+
++	if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid cipher key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ 	xform->cipher.algo = (enum rte_crypto_cipher_algorithm)ret;
+ 	xform->cipher.key.length = param->cipher_key_len;
+@@ -296,6 +301,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms,
+ 	ret = cipher_algo_transform(param->cipher_algo);
+ 	if (unlikely(ret < 0))
+ 		return ret;
++
++	if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid cipher key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ 	xform_cipher->cipher.algo = (enum rte_crypto_cipher_algorithm)ret;
+ 	xform_cipher->cipher.key.length = param->cipher_key_len;
+@@ -311,6 +322,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms,
+ 	ret = auth_algo_transform(param->hash_algo);
+ 	if (unlikely(ret < 0))
+ 		return ret;
++
++	if (param->auth_key_len > VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid auth key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform_auth->auth.algo = (enum rte_crypto_auth_algorithm)ret;
+ 	xform_auth->auth.digest_length = param->digest_len;
+ 	xform_auth->auth.key.length = param->auth_key_len;
+-- 
+2.34.1
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
@@ -24,6 +24,7 @@ Patch9:         CVE-2021-3672.patch
 Patch10:        CVE-2020-10722.patch
 Patch11:        CVE-2024-25629.patch
 Patch12:        CVE-2021-24032.patch
+Patch13:        CVE-2020-10724.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -2019,6 +2020,7 @@ exit 0
 - Fix for CVE-2020-10722
 - Fix for CVE-2024-25629
 - Fix for CVE-2021-24032
+- Fix for CVE-2020-10724
 
 * Tue Jan 28 2025 Kevin Lockwood <[email protected]> - 18.2.2-4
 - Fix for CVE-2014-5461