From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 2A5BF2B96; Thu, 6 Jul 2017 16:20:29 +0200 (CEST) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP; 06 Jul 2017 07:20:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.40,317,1496127600"; d="scan'208";a="121678316" Received: from irsmsx151.ger.corp.intel.com ([163.33.192.59]) by orsmga005.jf.intel.com with ESMTP; 06 Jul 2017 07:20:28 -0700 Received: from irsmsx108.ger.corp.intel.com ([169.254.11.133]) by IRSMSX151.ger.corp.intel.com ([169.254.4.191]) with mapi id 14.03.0319.002; Thu, 6 Jul 2017 15:20:27 +0100 From: "De Lara Guarch, Pablo" To: "Trahe, Fiona" , "dev@dpdk.org" , "Trahe, Fiona" CC: "stable@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] crypto/qat: fix possible out-of-bounds error Thread-Index: AQHS9BCUBbiJPQToHEOy0LGuC0M+lqJG3ckQ Date: Thu, 6 Jul 2017 14:20:27 +0000 Message-ID: References: <1499095467-6516-1-git-send-email-fiona.trahe@intel.com> In-Reply-To: <1499095467-6516-1-git-send-email-fiona.trahe@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 10.0.102.7 dlp-reaction: no-action x-originating-ip: [163.33.239.182] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] crypto/qat: fix possible out-of-bounds error X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jul 2017 14:20:30 -0000 > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Fiona Trahe > Sent: Monday, July 3, 2017 4:24 PM > To: dev@dpdk.org; De Lara Guarch, Pablo > ; Trahe, Fiona > Subject: [dpdk-dev] [PATCH] crypto/qat: fix possible out-of-bounds error >=20 > Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value. > This should never happen at this point on data path, but fix for safety. >=20 > Coverity issue: 143458 > Coverity issue: 143465 >=20 > Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode") >=20 > Signed-off-by: Fiona Trahe > --- > drivers/crypto/qat/qat_crypto.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/drivers/crypto/qat/qat_crypto.c > b/drivers/crypto/qat/qat_crypto.c index f8e1d01..33b6eb0 100644 > --- a/drivers/crypto/qat/qat_crypto.c > +++ b/drivers/crypto/qat/qat_crypto.c > @@ -618,7 +618,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx, > { > uint8_t block_len =3D qat_cipher_get_block_size(ctx- > >qat_cipher_alg); > struct rte_crypto_sym_op *sym_op =3D op->sym; > - uint8_t last_block_len =3D sym_op->cipher.data.length % block_len; > + uint8_t last_block_len =3D block_len > 0 ? > + sym_op->cipher.data.length % block_len : 0; >=20 > if (last_block_len && > ctx->qat_dir =3D=3D ICP_QAT_HW_CIPHER_DECRYPT) { > @@ -671,7 +672,8 @@ qat_bpicipher_postprocess(struct qat_session > *ctx, { > uint8_t block_len =3D qat_cipher_get_block_size(ctx- > >qat_cipher_alg); > struct rte_crypto_sym_op *sym_op =3D op->sym; > - uint8_t last_block_len =3D sym_op->cipher.data.length % block_len; > + uint8_t last_block_len =3D block_len > 0 ? > + sym_op->cipher.data.length % block_len : 0; >=20 > if (last_block_len > 0 && > ctx->qat_dir =3D=3D ICP_QAT_HW_CIPHER_ENCRYPT) { > -- > 2.7.4 CC'ing stable. Applied to dpdk-next-crypto. Thanks, Pablo