From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Fri, 17 Jun 2022 11:19:37 +0000 (+0100)
Subject: crypto/qat: fix missing copy guards in asym mod
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=5b4d317d839d855f6f51e76800c02d79b5355bf9;p=dpdk.git

crypto/qat: fix missing copy guards in asym mod

This commit fixes missing guards for size of memcpy,
it is needed to prevent faulty access when incorrect length
passed from the user.

Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index f6ce250c75..19931791c4 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -252,6 +252,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 	uint8_t *modexp_result = asym_op->modex.result.data;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modexp modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modexp_result,
 		cookie->output_array[0] + alg_bytesize
 		- n.length, n.length);
@@ -308,6 +312,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
 	uint8_t *modinv_result = asym_op->modinv.result.data;
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modinv modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modinv_result + (asym_op->modinv.result.length
 		- n.length),
 		cookie->output_array[0] + alg_bytesize