From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8B73D454E3; Mon, 1 Jul 2024 17:23:07 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 64A774014F; Mon, 1 Jul 2024 17:23:07 +0200 (CEST) Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2075.outbound.protection.outlook.com [40.107.92.75]) by mails.dpdk.org (Postfix) with ESMTP id A19B3400EF for ; Mon, 1 Jul 2024 17:23:05 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WjFoT4pc+gEz2INhX44++jIhAHLoHIKGZ7wO8dZh2ygnAd9BrRFgs2toYEf0onhZEpAEQDwLHCvCINTqwYdlLUcYY+2ZDyvgR2Dm2QWFms4IEn0tSgnLsU6xV+AVAu5XC1SkQz899o+Bt22+JR6HwMN01fXQowV7VhVFMB6jSSgvmuFBTXWp//pOE5ccC0hWhaN5Si8DJ7fxlfMICt/jVbuAWLu0q0z/eTFSOeaDfqw6GmlR3aN9T3ImRpjz174gxAoeIweG6lmf29HJl+wPkiIdyShGsv1auNuMyuuIo6GCyOtSqTtomd+7nEVrdCe/+vnPmSl4xlwbWeMDpk7QYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vieOEkl9dYWc3WbICE5N5Hjs3Tf072Q7uZKW0gFdYlM=; b=bcxiPejcQL4H66mRGg/YzGXh5i2YaGOErCxfyndgwNOOViW5mSmCXMnx70Y11nLBExip+FMpQvTGJKYpBrms9TTbivAYYmR2Lt9ZP6V3YxSK+r+4ASwSbBG/mdWnknD1hfk6rERUzEfGO0mIPXckwiluksGyBSocDnkYOPZ+dt6kIV42M+qvaL/qLhlUfubX5wrt7fsE6HxGAodkpTCS64PJowHkaCox7zOVw3bdvKhRzfrb4IaZdjW6YT6L+r7p9jkBFhYBcMXgYHHtrLX36WCl0h1xS7QFu0viUefAALxhZ0yamlMJKvdyQ7OnrS1fN+NeMB1IlzHhwAuayYmeEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=dpdk.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vieOEkl9dYWc3WbICE5N5Hjs3Tf072Q7uZKW0gFdYlM=; b=LRziAtDSRV6J5azw/C69sSjxzkMX29lH3tUUy6VCuofyE+zrbcaaTtBapIxCcPBlBLuTcI70BwWoafbcarSN+wftag2HqbngN94et/2Yz2bxHSU0msYqSnu4PXwB/1eR8ha+P5bYmvwlwwOTOgVZ9S4xZLCm+G4rhxj2R588TTg= Received: from BL1P223CA0025.NAMP223.PROD.OUTLOOK.COM (2603:10b6:208:2c4::30) by SA1PR12MB6678.namprd12.prod.outlook.com (2603:10b6:806:251::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7698.34; Mon, 1 Jul 2024 15:23:03 +0000 Received: from BL6PEPF00022570.namprd02.prod.outlook.com (2603:10b6:208:2c4:cafe::4c) by BL1P223CA0025.outlook.office365.com (2603:10b6:208:2c4::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.32 via Frontend Transport; Mon, 1 Jul 2024 15:23:02 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF00022570.mail.protection.outlook.com (10.167.249.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7741.18 via Frontend Transport; Mon, 1 Jul 2024 15:23:02 +0000 Received: from driver-dev1.pensando.io (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 1 Jul 2024 10:23:01 -0500 From: Andrew Boyer To: CC: Andrew Boyer Subject: [PATCH 1/2] crypto/ionic: fix buffer overrun when writing session Date: Mon, 1 Jul 2024 08:22:49 -0700 Message-ID: <20240701152250.46978-1-andrew.boyer@amd.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF00022570:EE_|SA1PR12MB6678:EE_ X-MS-Office365-Filtering-Correlation-Id: d1a201d9-d8f5-4d68-54b4-08dc99e1b2e1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?GpZM72o0vQFETYXqDQafMTen8wzbqIF8v2Kgz0LSQYH3kkOKgYkuruJV/zx3?= =?us-ascii?Q?m3/6Asl9JRO6o+ROfH3xXr0+L8/QVzwa1e3fqNdge/lkYtUrxqPGUceiPFJ7?= =?us-ascii?Q?vHO8r195qcmiVcWNdiNkdgCwSBD6baL9u2YlFz6aT021fUk1J0UI/lBkKS8/?= =?us-ascii?Q?sSPkSk8W6EKM+cEBBU+FV8YNTxjarTFzCU/kVSSk3yogmgV+nQY+7sFLJVxx?= =?us-ascii?Q?LNZCFHUeRYIh14jJJGR/urVLm6bCqn2sGqvMBI5LW9obEsYq1oaZNL8BZc2c?= =?us-ascii?Q?9/x9YT6A24nlY/cPDrrbthsRAHggEJo75dkXhCGyyovu/gJpgRiNT7wwF2D5?= =?us-ascii?Q?H2LNret6SRVUPjot5eHpPvLfujaZbTyapVlCR5z1erNIe3A+rING0lOjKZdh?= =?us-ascii?Q?P8EPdptz1oZwQVK+pxTUmqBCmlaWjcaxuA6VhUXfD0ODEw2FpCJn1kZmtBMP?= =?us-ascii?Q?zis6E43GEdgbIPZZJXaQA9+1FlaYqW5qPGpMQjTiWkZ+ohw7KWwVj5gqI5oO?= =?us-ascii?Q?wp/cB6dDucm1kjWBaMxDHnpAkTx5k/aTYlFgF3He3baUBoz46Awj7fpvZfdA?= =?us-ascii?Q?qPrBDQHA9f/Vg8JWtB4IPGP07pC2LezNAPyKttvyDILT58X/zxv4RXT0GcW4?= =?us-ascii?Q?j5q5EarWKdAJfY7GQdJYwbOfibS/Xzj3/GWLP4mEsad4EDv2U/1z/lLQY2H5?= =?us-ascii?Q?N9uP7d8f2V3n+tdMfnUSRMG8e4OwZshLneJiMxqDI5rlbqivQPlXGhjfp7J/?= =?us-ascii?Q?ofavQysx+qG8tUJnSTHnZ3jN6BXyJuY3WXMtRbf4nhNs5IljX0ekU+CChnf0?= =?us-ascii?Q?5QSlJUmn/7Zxv6IVRRvuj68lCKr5GEd5buzhbovO+LpLI8JvO60PtQ2JJAY9?= =?us-ascii?Q?wYC6DciKJoP70DRIg/jdyurE9z9dBUjRiYy+0Z6A1yw/7tJaRhR5uZFel2I4?= =?us-ascii?Q?GWgTKjtp/579z17k1ZPP0jwzrE+jv5uuAB7DG19dgaN5mnjJwpCl089BzeqR?= =?us-ascii?Q?OGNARblOUpmWf9815STfL8L31N+ZOTAqVNZRxHf0rmZvPUy/QYaXjFUj+SVv?= =?us-ascii?Q?uvaGmvJR9Y1lcPwYXRxu5Dmy3O5zIFkJByHyp/U/Ie01l1VqtQGy3zkjOBgm?= =?us-ascii?Q?Vat2rx2p28A8vak/beWaLn9oeYThBoS3pAlStHR2qFHF9f9Crj+id1Q8wtny?= =?us-ascii?Q?tAbbnY2SG8EQ9m2ySITWrzA1Cd8/cjfqA80I3z6SKM+A8sTQg5MxaGGz7r/T?= =?us-ascii?Q?xu/E5smqDwaXh/3eeOQJnkNIsKSUMIJ0h7JHYJmUe1K+lZnTZm12fJ3zJ4Qe?= =?us-ascii?Q?N+kkoVbozoWoxVz0W+ROH2T2Xg6eaRwmohJkeJNX75jpPwevLXiEpxTHFnnj?= =?us-ascii?Q?TAni4Rh6eDrlYmXtdjucBfPJPAvDap/aK5vvDgncRjK2Y/U7V5ist+kED3yA?= =?us-ascii?Q?RroenRXvhmfxv+1HP6+linS9J2z4N7YN?= X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2024 15:23:02.4914 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d1a201d9-d8f5-4d68-54b4-08dc99e1b2e1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF00022570.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB6678 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Coverity pointed out that, if the final segment of the session key being written is not a full segment, the loop could potentially read past the end of the source buffer. Use RTE_MIN() to make sure to only copy as much of the key as is left. Coverity issue: 426432 Fixes: 6bc7f2cf6687 ("crypto/ionic: support sessions") Signed-off-by: Andrew Boyer --- drivers/crypto/ionic/ionic_crypto_main.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/ionic/ionic_crypto_main.c b/drivers/crypto/ionic/ionic_crypto_main.c index d4810e3617..9960dc3a6d 100644 --- a/drivers/crypto/ionic/ionic_crypto_main.c +++ b/drivers/crypto/ionic/ionic_crypto_main.c @@ -193,7 +193,7 @@ iocpt_session_write(struct iocpt_session_priv *priv, }; struct iocpt_sess_control_cmd *cmd = &ctx.cmd.sess_control; uint16_t key_offset; - uint8_t key_segs, seg; + uint8_t key_segs, seg, seg_len; int err; key_segs = ((priv->key_len - 1) >> IOCPT_SESS_KEY_SEG_SHFT) + 1; @@ -202,8 +202,9 @@ iocpt_session_write(struct iocpt_session_priv *priv, ctx.pending_work = true; key_offset = seg * cmd->key_seg_len; - memcpy(cmd->key, &priv->key[key_offset], - IOCPT_SESS_KEY_SEG_LEN); + seg_len = (uint8_t)RTE_MIN(priv->key_len - key_offset, + IOCPT_SESS_KEY_SEG_LEN); + memcpy(cmd->key, &priv->key[key_offset], seg_len); cmd->key_seg_idx = seg; /* Mark final segment */ -- 2.17.1