From: Andrew Boyer <andrew.boyer@amd.com>
To: <dev@dpdk.org>
Cc: Andrew Boyer <andrew.boyer@amd.com>
Subject: [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session
Date: Mon, 1 Jul 2024 08:22:49 -0700
Message-ID: <20240701152250.46978-1-andrew.boyer@amd.com>
Coverity pointed out that, if the final segment of the session key being
written is not a full segment, the loop could potentially read past the
end of the source buffer. Use RTE_MIN() to make sure to only copy as much
of the key as is left.
Coverity issue: 426432
Fixes: 6bc7f2cf6687 ("crypto/ionic: support sessions")
Signed-off-by: Andrew Boyer <andrew.boyer@amd.com>
---
drivers/crypto/ionic/ionic_crypto_main.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ionic/ionic_crypto_main.c b/drivers/crypto/ionic/ionic_crypto_main.c
index d4810e3617..9960dc3a6d 100644
--- a/drivers/crypto/ionic/ionic_crypto_main.c
+++ b/drivers/crypto/ionic/ionic_crypto_main.c
@@ -193,7 +193,7 @@ iocpt_session_write(struct iocpt_session_priv *priv,
};
struct iocpt_sess_control_cmd *cmd = &ctx.cmd.sess_control;
uint16_t key_offset;
- uint8_t key_segs, seg;
+ uint8_t key_segs, seg, seg_len;
int err;
key_segs = ((priv->key_len - 1) >> IOCPT_SESS_KEY_SEG_SHFT) + 1;
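Review bot: the new `seg_len` in the declaration line is a `uint8_t`, which is only wide enough if IOCPT_SESS_KEY_SEG_LEN is at most 255, and that definition is not visible in this patch. Declaring it `uint16_t` like `key_offset` (or `size_t`, which is what memcpy takes) would make the narrowing cast at the assignment unnecessary and avoid silent truncation if the segment length constant ever grows.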
@@ -202,8 +202,9 @@ iocpt_session_write(struct iocpt_session_priv *priv,
ctx.pending_work = true;
key_offset = seg * cmd->key_seg_len;
- memcpy(cmd->key, &priv->key[key_offset],
- IOCPT_SESS_KEY_SEG_LEN);
+ seg_len = (uint8_t)RTE_MIN(priv->key_len - key_offset,
+ IOCPT_SESS_KEY_SEG_LEN);
+ memcpy(cmd->key, &priv->key[key_offset], seg_len);
cmd->key_seg_idx = seg;
/* Mark final segment */
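Review bot: now that the memcpy copies only `seg_len` bytes on a short final segment, the bytes of `cmd->key` past `seg_len` keep whatever the previous segment left there, so the tail of the prior key segment goes out again with the last command. If the device consumes only key_len bytes this is harmless, but clearing `cmd->key` before the copy when `seg_len` is less than IOCPT_SESS_KEY_SEG_LEN would remove the dependence on device behaviour. Separately, `key_offset` is stepped by `cmd->key_seg_len` while the bound uses IOCPT_SESS_KEY_SEG_LEN; `priv->key_len - key_offset` stays non-negative only if the two are equal, so using the same one in both places would make that explicit.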
--
2.17.1