crypto/qat: fix missing copy guards in asym mod
authorArek Kusztal <arkadiuszx.kusztal@intel.com>
Fri, 17 Jun 2022 11:19:37 +0000 (12:19 +0100)
committerAkhil Goyal <gakhil@marvell.com>
Tue, 21 Jun 2022 18:04:50 +0000 (20:04 +0200)
This commit adds the missing guards on the size passed to memcpy;
they are needed to prevent faulty access when an incorrect length
is passed from the user.

Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
drivers/crypto/qat/qat_asym.c

index f6ce250c757ef3b289f81af0dce89b3f1b72fbbc..19931791c46fdee6f7ffc63baf33c842b6251517 100644 (file)
@@ -252,6 +252,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
        uint32_t alg_bytesize = cookie->alg_bytesize;
        uint8_t *modexp_result = asym_op->modex.result.data;
 
+       if (n.length > alg_bytesize) {
+               QAT_LOG(ERR, "Incorrect length of modexp modulus");
+               return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+       }
        rte_memcpy(modexp_result,
                cookie->output_array[0] + alg_bytesize
                - n.length, n.length);
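Review bot: The added guard bounds only the source offset `alg_bytesize - n.length`; the `rte_memcpy` that follows still writes `n.length` bytes to `modexp_result` with nothing in the hunk checking that the pointer is non-NULL or that the caller's result buffer is that large. If `asym_op->modex.result.length` holds the buffer capacity at this point (not visible here, so this needs confirming against the API contract), the condition could become `if (n.length > alg_bytesize || n.length > asym_op->modex.result.length) {`. Otherwise a comment above the copy such as `/* result.data must hold at least n.length bytes; capacity is the caller's responsibility */` would make the remaining assumption explicit. modexp_collect starts and ends outside the hunk, so `n` and any earlier validation are not visible.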
@@ -308,6 +312,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
        uint8_t *modinv_result = asym_op->modinv.result.data;
        uint32_t alg_bytesize = cookie->alg_bytesize;
 
+       if (n.length > alg_bytesize) {
+               QAT_LOG(ERR, "Incorrect length of modinv modulus");
+               return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+       }
        rte_memcpy(modinv_result + (asym_op->modinv.result.length
                - n.length),
                cookie->output_array[0] + alg_bytesize
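Review bot: The destination offset `asym_op->modinv.result.length - n.length` in the `rte_memcpy` after the new guard can still wrap, because the check compares `n.length` only with `alg_bytesize` and not with `result.length`. If the length fields are unsigned (their type is not shown in the hunk), a `result.length` smaller than `n.length` gives a very large offset and the copy lands outside the result buffer. The guard should cover both sides, for example `if (n.length > alg_bytesize || n.length > asym_op->modinv.result.length) {`. The copy statement and the rest of modinv_collect continue outside the hunk.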