From: Fiona Trahe <fiona.trahe@intel.com>
Date: Mon, 3 Jul 2017 15:24:27 +0000 (+0100)
Subject: crypto/qat: fix possible out-of-bounds
X-Git-Tag: spdx-start~2645
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=5f95f662e13d91e98b3a7243c03e98ab39240bc4;p=dpdk.git

crypto/qat: fix possible out-of-bounds

Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value.
This should never happen at this point on data path, but fix for safety.

Coverity issue: 143458, 143465

Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode")

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 3e621c5c41..7e04f211ad 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -785,7 +785,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx,
 {
 	uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
 	struct rte_crypto_sym_op *sym_op = op->sym;
-	uint8_t last_block_len = sym_op->cipher.data.length % block_len;
+	uint8_t last_block_len = block_len > 0 ?
+			sym_op->cipher.data.length % block_len : 0;
 
 	if (last_block_len &&
 			ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT) {
@@ -839,7 +840,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx,
 {
 	uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
 	struct rte_crypto_sym_op *sym_op = op->sym;
-	uint8_t last_block_len = sym_op->cipher.data.length % block_len;
+	uint8_t last_block_len = block_len > 0 ?
+			sym_op->cipher.data.length % block_len : 0;
 
 	if (last_block_len > 0 &&
 			ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) {