crypto/virtio: fix out-of-bounds access

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802
Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306ef7845319c9311e8bb7e180f31783f..08359b3a39184beeb59fadba8b367cbac1001d57 100644 (file)
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
                if (cop->phys_addr)
                        desc[idx].addr = cop->phys_addr + session->iv.offset;
                else {
+                       if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+                               return -ENOMEM;
+
                        rte_memcpy(crypto_op_cookie->iv,
                                        rte_crypto_op_ctod_offset(cop,
                                        uint8_t *, session->iv.offset),