> -----Original Message----- > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Fiona Trahe > Sent: Monday, July 3, 2017 4:24 PM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.gua...@intel.com>; Trahe, Fiona <fiona.tr...@intel.com> > Subject: [dpdk-dev] [PATCH] crypto/qat: fix possible out-of-bounds error > > Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value. > This should never happen at this point on data path, but fix for safety. > > Coverity issue: 143458 > Coverity issue: 143465 > > Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode") > > Signed-off-by: Fiona Trahe <fiona.tr...@intel.com> > --- > drivers/crypto/qat/qat_crypto.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/qat/qat_crypto.c > b/drivers/crypto/qat/qat_crypto.c index f8e1d01..33b6eb0 100644 > --- a/drivers/crypto/qat/qat_crypto.c > +++ b/drivers/crypto/qat/qat_crypto.c > @@ -618,7 +618,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx, > { > uint8_t block_len = qat_cipher_get_block_size(ctx- > >qat_cipher_alg); > struct rte_crypto_sym_op *sym_op = op->sym; > - uint8_t last_block_len = sym_op->cipher.data.length % block_len; > + uint8_t last_block_len = block_len > 0 ? > + sym_op->cipher.data.length % block_len : 0; > > if (last_block_len && > ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT) { > @@ -671,7 +672,8 @@ qat_bpicipher_postprocess(struct qat_session > *ctx, { > uint8_t block_len = qat_cipher_get_block_size(ctx- > >qat_cipher_alg); > struct rte_crypto_sym_op *sym_op = op->sym; > - uint8_t last_block_len = sym_op->cipher.data.length % block_len; > + uint8_t last_block_len = block_len > 0 ? > + sym_op->cipher.data.length % block_len : 0; > > if (last_block_len > 0 && > ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) { > -- > 2.7.4
CC'ing stable. Applied to dpdk-next-crypto. Thanks, Pablo
