[v3,2/2] crypto/nitrox: fix array out of bounds access
Checks
Commit Message
In nitrox_sym_pmd_create() the name array will overflow if the pci
device name is greater than 57 bytes. To fix this issue subtract pci
device name length from array length while appending substring to the
name.
Coverity issue: 349926
Fixes: 9fdef0cc2385 ("crypto/nitrox: create symmetric cryptodev")
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
drivers/crypto/nitrox/nitrox_sym.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
> -----Original Message-----
> From: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
> Sent: Friday, March 27, 2020 7:13 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>
> Cc: dev@dpdk.org; thomas@monjalon.net; jsrikanth@marvell.com;
> Nagadheeraj Rottela <rnagadheeraj@marvell.com>
> Subject: [PATCH v3 2/2] crypto/nitrox: fix array out of bounds access
>
> In nitrox_sym_pmd_create() the name array will overflow if the pci
> device name is greater than 57 bytes. To fix this issue subtract pci
> device name length from array length while appending substring to the
> name.
>
> Coverity issue: 349926
>
> Fixes: 9fdef0cc2385 ("crypto/nitrox: create symmetric cryptodev")
>
> Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
> ---
Cc:stable@dpdk.org
Applied to dpdk-next-crypto
Thanks.
@@ -683,7 +683,8 @@ nitrox_sym_pmd_create(struct nitrox_device *ndev)
struct rte_cryptodev *cdev;
rte_pci_device_name(&ndev->pdev->addr, name, sizeof(name));
- snprintf(name + strlen(name), RTE_CRYPTODEV_NAME_MAX_LEN, "_n5sym");
+ snprintf(name + strlen(name), RTE_CRYPTODEV_NAME_MAX_LEN - strlen(name),
+ "_n5sym");
ndev->rte_sym_dev.driver = &nitrox_rte_sym_drv;
ndev->rte_sym_dev.numa_node = ndev->pdev->device.numa_node;
ndev->rte_sym_dev.devargs = NULL;