From patchwork Mon Feb 21 18:05:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dooley, Brian" X-Patchwork-Id: 107904 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 35878A034E; Mon, 21 Feb 2022 19:06:40 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 07CF74068C; Mon, 21 Feb 2022 19:06:40 +0100 (CET) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mails.dpdk.org (Postfix) with ESMTP id 6E2054013F for ; Mon, 21 Feb 2022 19:06:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645466798; x=1677002798; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=iERL+qiONTl4MVXhrli+xFqVuJHTWrE9jA7uDCeODk8=; b=bMfdCQZTmXBaBgM76JUgCPL1deLbrgL9UQLwdtH32SuQhzaNuPbEd/01 f0RtNiFuB1T1JjVRZiglAIbcLN2rlo0vcPk6zh46q2so2r1iDTbLXEbAn ZCv4knyF/dEklbDcVhascdmLMZlXMrAOfMF+oJhP5F/+OHvdcAQ/RhTHt sUeSiFuOt45twkOe7Ut5pqAQxm1zf/arftRHIggVCD1nDnvUFCqCSxw3x TwsUo+P4zvYUYdQwkYJC7DHhVSq5owy/d27/xsrF17+GPjOLHL+1drKxO nxPnX6xyurBgiD0d3OrEog4fG0p/ecK/BAYf4LIlGStmvmS90vVQcRG1e g==; X-IronPort-AV: E=McAfee;i="6200,9189,10265"; a="251503291" X-IronPort-AV: E=Sophos;i="5.88,386,1635231600"; d="scan'208";a="251503291" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Feb 2022 10:06:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,386,1635231600"; d="scan'208";a="547419812" Received: from unknown (HELO silpixa00400883.ir.intel.com) ([10.243.23.143]) by orsmga008.jf.intel.com with ESMTP; 21 Feb 2022 10:06:36 -0800 From: Brian Dooley To: dev@dpdk.org Cc: Brian Dooley , roy.fan.zhang@intel.com, Jay Zhou Subject: [PATCH] crypto/virtio: fix out of bounds access bug Date: Mon, 21 Feb 2022 18:05:42 +0000 Message-Id: <20220221180542.439823-1-brian.dooley@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address") Cc: roy.fan.zhang@intel.com Signed-off-by: Brian Dooley --- drivers/crypto/virtio/virtio_rxtx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index a65524a306..f3f2e75c00 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit( if (cop->phys_addr) desc[idx].addr = cop->phys_addr + session->iv.offset; else { + if (VIRTIO_CRYPTO_MAX_IV_SIZE < session->iv.length) + return -ENOMEM; + rte_memcpy(crypto_op_cookie->iv, rte_crypto_op_ctod_offset(cop, uint8_t *, session->iv.offset),