[PATCH v2] crypto/virtio: fix out of bounds access bug
Brian Dooley
brian.dooley at intel.com
Tue Feb 22 10:54:51 CET 2022
Coverity flags an untrusted loop bound. Check length of session iv.
Coverity issue: 375802
Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: roy.fan.zhang at intel.com
Cc: stable at dpdk.org
Signed-off-by: Brian Dooley <brian.dooley at intel.com>
---
v2: Fix checkpatch warning
---
drivers/crypto/virtio/virtio_rxtx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..08359b3a39 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
if (cop->phys_addr)
desc[idx].addr = cop->phys_addr + session->iv.offset;
else {
+ if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+ return -ENOMEM;
+
rte_memcpy(crypto_op_cookie->iv,
rte_crypto_op_ctod_offset(cop,
uint8_t *, session->iv.offset),
--
2.25.1
More information about the stable
mailing list