From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C28D7A034F for ; Tue, 22 Feb 2022 10:55:01 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B57EA41142; Tue, 22 Feb 2022 10:55:01 +0100 (CET) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mails.dpdk.org (Postfix) with ESMTP id C629640DF4; Tue, 22 Feb 2022 10:54:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645523700; x=1677059700; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=xIevb3OmcwxE3SHK3MyO+yl7Ft1+H1yXNgyuepa7bsk=; b=YAmV3e+ywdf0nz7ZoMGwarredSg1vQXszgfhLnAuuVUb36HlQCt5ZqtF ECmRU0Psrb9ICAcaSyb5NrLqhoxklxXduWyt9IZQtQx1jBmUs9qFGRZtT yuQ4nHtmuURd2UTgUUUKjI7dOFMJJw5mpLsMO5kRsj90etwWKDzDaLjRK KeqpjX6rSjWDioNOASVBynXp1XClcl+ms2gehPppSzSzV5wEA6iFXzJEQ sxNGt2nD9fc3+3Hi9skp/P/qHfSlH+cos4SScjmUZdFrzBO/KAjKQWdCM pJJoi2JtUK0v+s08PbGzx/U7aeFIT0ZvnvjtVHV4WJeWVn/8o4GX6bsRZ g==; X-IronPort-AV: E=McAfee;i="6200,9189,10265"; a="338090247" X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="338090247" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Feb 2022 01:54:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,387,1635231600"; d="scan'208";a="706554276" Received: from silpixa00400883.ir.intel.com ([10.243.23.143]) by orsmga005.jf.intel.com with ESMTP; 22 Feb 2022 01:54:57 -0800 From: Brian Dooley To: dev@dpdk.org Cc: Brian Dooley , roy.fan.zhang@intel.com, stable@dpdk.org, Jay Zhou Subject: [PATCH v2] crypto/virtio: fix out of bounds access bug Date: Tue, 22 Feb 2022 09:54:51 +0000 Message-Id: <20220222095451.731405-1-brian.dooley@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220221180542.439823-1-brian.dooley@intel.com> References: <20220221180542.439823-1-brian.dooley@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address") Cc: roy.fan.zhang@intel.com Cc: stable@dpdk.org Signed-off-by: Brian Dooley --- v2: Fix checkpatch warning --- drivers/crypto/virtio/virtio_rxtx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c index a65524a306..08359b3a39 100644 --- a/drivers/crypto/virtio/virtio_rxtx.c +++ b/drivers/crypto/virtio/virtio_rxtx.c @@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit( if (cop->phys_addr) desc[idx].addr = cop->phys_addr + session->iv.offset; else { + if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) + return -ENOMEM; + rte_memcpy(crypto_op_cookie->iv, rte_crypto_op_ctod_offset(cop, uint8_t *, session->iv.offset), -- 2.25.1