vhost/crypto: check request pointer before dereference

[ upstream commit 9cfbe67 ] Use vc_req only after it was checked not to be NULL. Fixes: 2d962bb ("vhost/crypto: fix possible TOCTOU attack") Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
bluca · Jul 12, 2021 · 619944d · 619944d
1 parent d07ee66
commit 619944d
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c
@@ -1337,13 +1337,15 @@ vhost_crypto_finalize_one_request(struct rte_crypto_op *op,
 	struct rte_mbuf *m_src = op->sym->m_src;
 	struct rte_mbuf *m_dst = op->sym->m_dst;
 	struct vhost_crypto_data_req *vc_req = rte_mbuf_to_priv(m_src);
-	struct vhost_virtqueue *vq = vc_req->vq;
-	uint16_t used_idx = vc_req->desc_idx, desc_idx;
+	struct vhost_virtqueue *vq;
+	uint16_t used_idx, desc_idx;
 
 	if (unlikely(!vc_req)) {
 		VC_LOG_ERR("Failed to retrieve vc_req");
 		return NULL;
 	}
+	vq = vc_req->vq;
+	used_idx = vc_req->desc_idx;
 
 	if (old_vq && (vq != old_vq))
 		return vq;