Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value.
This should never happen at this point on data path, but fix for safety.
Coverity issue: 143458
Coverity issue: 143465
Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode")
Signed-off-by: Fiona Trahe <fiona.tr...@intel.com>
---
drivers/crypto/qat/qat_crypto.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index f8e1d01..33b6eb0 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -618,7 +618,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
{
uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
struct rte_crypto_sym_op *sym_op = op->sym;
- uint8_t last_block_len = sym_op->cipher.data.length % block_len;
+ uint8_t last_block_len = block_len > 0 ?
+ sym_op->cipher.data.length % block_len : 0;
if (last_block_len &&
ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT) {
@@ -671,7 +672,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
{
uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
struct rte_crypto_sym_op *sym_op = op->sym;
- uint8_t last_block_len = sym_op->cipher.data.length % block_len;
+ uint8_t last_block_len = block_len > 0 ?
+ sym_op->cipher.data.length % block_len : 0;
if (last_block_len > 0 &&
ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) {
--
2.7.4
