[PATCH] crypto/virtio: fix out of bounds access bug

Brian Dooley Mon, 21 Feb 2022 10:06:49 -0800

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802


Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: [email protected]

Signed-off-by: Brian Dooley <[email protected]>
---
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c 
b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..f3f2e75c00 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
                if (cop->phys_addr)
                        desc[idx].addr = cop->phys_addr + session->iv.offset;
                else {
+                       if (VIRTIO_CRYPTO_MAX_IV_SIZE < session->iv.length)
+                               return -ENOMEM;
+
                        rte_memcpy(crypto_op_cookie->iv,
                                        rte_crypto_op_ctod_offset(cop,
                                        uint8_t *, session->iv.offset),
-- 
2.25.1

[PATCH] crypto/virtio: fix out of bounds access bug

Reply via email to