Commit 344c6525 authored Jun 06, 2024 by Marcin Galecki Committed by Tomasz Zawadzki Jun 10, 2024

nvmf/auth: add dhvlen check



NVMe spec requires that DHVLEN shall be a multiple of 4.
Adding check to verify if host sent reply with valid key length.

Change-Id: I128875d0e931226ec8a46068c8e0709c9fb5fc75
Signed-off-by: Marcin Galecki <marcin.galecki@dell.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/23567


Community-CI: Mellanox Build Bot
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Jim Harris <jim.harris@samsung.com>

parent 5cddbe2a

lib/nvmf/auth.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -361,6 +361,11 @@ nvmf_auth_reply_exec(struct spdk_nvmf_request *req, struct spdk_nvmf_dhchap_repl
		nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PAYLOAD);
		goto out;
		}
		if ((msg->dhvlen % 4) != 0) {
		AUTH_ERRLOG(qpair, "dhvlen=%u is not multiple of 4\n", msg->dhvlen);
		nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PAYLOAD);
		goto out;
		}
		if (req->length != sizeof(msg) + 2 hl + msg->dhvlen) {
		AUTH_ERRLOG(qpair, "invalid message length: %"PRIu32" != %zu\n",
		req->length, sizeof(msg) + 2 hl);