From a965e768065ae496c9a1c7a77545bc0f0f0e38e2 Mon Sep 17 00:00:00 2001
From: Brian Dooley <brian.dooley@intel.com>
Date: Tue, 22 Feb 2022 09:54:51 +0000
Subject: [PATCH] crypto/virtio: fix out-of-bounds access

Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802
Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..08359b3a39 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+				return -ENOMEM;
+
 			rte_memcpy(crypto_op_cookie->iv,
 					rte_crypto_op_ctod_offset(cop,
 					uint8_t *, session->iv.offset),
-- 
2.39.5