From 5f95f662e13d91e98b3a7243c03e98ab39240bc4 Mon Sep 17 00:00:00 2001 From: Fiona Trahe Date: Mon, 3 Jul 2017 16:24:27 +0100 Subject: [PATCH] crypto/qat: fix possible out-of-bounds Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value. This should never happen at this point on data path, but fix for safety. Coverity issue: 143458, 143465 Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode") Signed-off-by: Fiona Trahe --- drivers/crypto/qat/qat_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index 3e621c5c41..7e04f211ad 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -785,7 +785,8 @@ qat_bpicipher_preprocess(struct qat_session *ctx, { uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); struct rte_crypto_sym_op *sym_op = op->sym; - uint8_t last_block_len = sym_op->cipher.data.length % block_len; + uint8_t last_block_len = block_len > 0 ? + sym_op->cipher.data.length % block_len : 0; if (last_block_len && ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT) { @@ -839,7 +840,8 @@ qat_bpicipher_postprocess(struct qat_session *ctx, { uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); struct rte_crypto_sym_op *sym_op = op->sym; - uint8_t last_block_len = sym_op->cipher.data.length % block_len; + uint8_t last_block_len = block_len > 0 ? + sym_op->cipher.data.length % block_len : 0; if (last_block_len > 0 && ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) { -- 2.20.1