From 5b4d317d839d855f6f51e76800c02d79b5355bf9 Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Fri, 17 Jun 2022 12:19:37 +0100 Subject: [PATCH] crypto/qat: fix missing copy guards in asym mod This commit fixes missing guards for size of memcpy, it is needed to prevent faulty access when incorrect length passed from the user. Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions") Cc: stable@dpdk.org Signed-off-by: Arek Kusztal Acked-by: Fan Zhang --- drivers/crypto/qat/qat_asym.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index f6ce250c75..19931791c4 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -252,6 +252,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op, uint32_t alg_bytesize = cookie->alg_bytesize; uint8_t *modexp_result = asym_op->modex.result.data; + if (n.length > alg_bytesize) { + QAT_LOG(ERR, "Incorrect length of modexp modulus"); + return RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + } rte_memcpy(modexp_result, cookie->output_array[0] + alg_bytesize - n.length, n.length); @@ -308,6 +312,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op, uint8_t *modinv_result = asym_op->modinv.result.data; uint32_t alg_bytesize = cookie->alg_bytesize; + if (n.length > alg_bytesize) { + QAT_LOG(ERR, "Incorrect length of modinv modulus"); + return RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + } rte_memcpy(modinv_result + (asym_op->modinv.result.length - n.length), cookie->output_array[0] + alg_bytesize -- 2.39.5