> +static CryptoDevBackendSymOpInfo *
> +virtio_crypto_sym_op_helper(VirtIODevice *vdev,
> +           struct virtio_crypto_cipher_para *cipher_para,
> +           struct virtio_crypto_alg_chain_data_para *alg_chain_para,
> +           struct iovec *iov, unsigned int out_num)
> +{
> +    CryptoDevBackendSymOpInfo *op_info;
> +    uint32_t src_len = 0, dst_len = 0;
> +    uint32_t iv_len = 0;
> +    uint32_t aad_len = 0, hash_result_len = 0;
> +    uint32_t hash_start_src_offset = 0, len_to_hash = 0;
> +    uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
> +
> +    size_t max_len, curr_size = 0;
> +    size_t s;
> +
> +    /* Plain cipher */
> +    if (cipher_para) {
> +        iv_len = virtio_ldl_p(vdev, &cipher_para->iv_len);
> +        src_len = virtio_ldl_p(vdev, &cipher_para->src_data_len);
> +        dst_len = virtio_ldl_p(vdev, &cipher_para->dst_data_len);
> +    } else if (alg_chain_para) { /* Algorithm chain */
> +        iv_len = virtio_ldl_p(vdev, &alg_chain_para->iv_len);
> +        src_len = virtio_ldl_p(vdev, &alg_chain_para->src_data_len);
> +        dst_len = virtio_ldl_p(vdev, &alg_chain_para->dst_data_len);
> +
> +        aad_len = virtio_ldl_p(vdev, &alg_chain_para->aad_len);
> +        hash_result_len = virtio_ldl_p(vdev,
> +                              &alg_chain_para->hash_result_len);
> +        hash_start_src_offset = virtio_ldl_p(vdev,
> +                         &alg_chain_para->hash_start_src_offset);
> +        cipher_start_src_offset = virtio_ldl_p(vdev,
> +                         &alg_chain_para->cipher_start_src_offset);
> +        len_to_cipher = virtio_ldl_p(vdev, &alg_chain_para->len_to_cipher);
> +        len_to_hash = virtio_ldl_p(vdev, &alg_chain_para->len_to_hash);
> +    } else {
> +        return NULL;
> +    }
> +
> +    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
> +    if (max_len == LONG_MAX - sizeof(CryptoDevBackendSymOpInfo)) {
> +        virtio_error(vdev, "virtio-crypto too big length");
> +        return NULL;
> +    }
> +
The check should be:

if (unlikely(max_len > LONG_MAX - sizeof(CryptoDevBackendSymOpInfo))) {
    virtio_error(vdev, "virtio-crypto too big length");
    return NULL;
}

Regards,
-Gonglei

---------------------------------------------------------------------
To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org
For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org

Reply via email to