diff mbox series

crypto/qat: fix missing copy guards in asym mod

Message ID	20220617111937.18374-1-arkadiuszx.kusztal@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Arek Kusztal <arkadiuszx.kusztal@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal <arkadiuszx.kusztal@intel.com> Subject: [PATCH] crypto/qat: fix missing copy guards in asym mod Date: Fri, 17 Jun 2022 12:19:37 +0100 Message-Id: <20220617111937.18374-1-arkadiuszx.kusztal@intel.com> Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/qat: fix missing copy guards in asym mod \| crypto/qat: fix missing copy guards in asym mod

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/intel-Testing	success	Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-abi-testing	success	Testing PASS

Commit Message

Arkadiusz Kusztal June 17, 2022, 11:19 a.m. UTC

  This commit fixes missing guards for size of memcpy,
it is needed to prevent faulty access when incorrect length
passed from the user.

Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/qat/qat_asym.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Fan Zhang June 20, 2022, 9:13 a.m. UTC | #1

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Friday, June 17, 2022 12:20 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Kusztal,
> ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] crypto/qat: fix missing copy guards in asym mod
> 
> This commit fixes missing guards for size of memcpy,
> it is needed to prevent faulty access when incorrect length
> passed from the user.
> 
> Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Akhil Goyal June 21, 2022, 11:12 a.m. UTC | #2

> > This commit fixes missing guards for size of memcpy,
> > it is needed to prevent faulty access when incorrect length
> > passed from the user.
> >
> > Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Applied to dpdk-next-crypto
Cc: stable@dpdk.org

diff mbox series

Patch

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 82a0450aed..cad04e05b5 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -248,6 +248,10 @@  modexp_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 	uint8_t *modexp_result = asym_op->modex.result.data;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modexp modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modexp_result,
 		cookie->output_array[0] + alg_bytesize
 		- n.length, n.length);
@@ -304,6 +308,10 @@  modinv_collect(struct rte_crypto_asym_op *asym_op,
 	uint8_t *modinv_result = asym_op->modinv.result.data;
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modinv modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modinv_result + (asym_op->modinv.result.length
 		- n.length),
 		cookie->output_array[0] + alg_bytesize