diff mbox series

crypto/virtio: fix out of bounds access bug

Message ID	20220221180542.439823-1-brian.dooley@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Brian Dooley <brian.dooley@intel.com> To: dev@dpdk.org Cc: Brian Dooley <brian.dooley@intel.com>, roy.fan.zhang@intel.com, Jay Zhou <jianjay.zhou@huawei.com> Subject: [PATCH] crypto/virtio: fix out of bounds access bug Date: Mon, 21 Feb 2022 18:05:42 +0000 Message-Id: <20220221180542.439823-1-brian.dooley@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/virtio: fix out of bounds access bug \| crypto/virtio: fix out of bounds access bug

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/Intel-compilation	success	Compilation OK
ci/github-robot: build	success	github build: passed
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/intel-Testing	success	Testing PASS

Commit Message

Dooley, Brian Feb. 21, 2022, 6:05 p.m. UTC

  Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802

Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: roy.fan.zhang@intel.com

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff mbox series

Patch

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..f3f2e75c00 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@  virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (VIRTIO_CRYPTO_MAX_IV_SIZE < session->iv.length)
+				return -ENOMEM;
+
 			rte_memcpy(crypto_op_cookie->iv,
 					rte_crypto_op_ctod_offset(cop,
 					uint8_t *, session->iv.offset),