[PATCH v2] crypto/virtio: fix out of bounds access bug

Brian Dooley brian.dooley at intel.com
Tue Feb 22 10:54:51 CET 2022

Previous message (by thread): [PATCH v2] drivers: fix incorrect E-Switch manager vport ID
Next message (by thread): [PATCH v2] crypto/virtio: fix out of bounds access bug
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802

Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: roy.fan.zhang at intel.com
Cc: stable at dpdk.org

Signed-off-by: Brian Dooley <brian.dooley at intel.com>

---
v2: Fix checkpatch warning
---
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..08359b3a39 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+				return -ENOMEM;
+
 			rte_memcpy(crypto_op_cookie->iv,
 					rte_crypto_op_ctod_offset(cop,
 					uint8_t *, session->iv.offset),
-- 
2.25.1

Previous message (by thread): [PATCH v2] drivers: fix incorrect E-Switch manager vport ID
Next message (by thread): [PATCH v2] crypto/virtio: fix out of bounds access bug
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list