crypto/virtio: fix out-of-bounds access

[ upstream commit a965e768065ae496c9a1c7a77545bc0f0f0e38e2 ] Coverity flags an untrusted loop bound. Check length of session iv. Coverity issue: 375802 Fixes: b063e84 ("crypto/virtio: fix IV physical address") Signed-off-by: Brian Dooley <brian.dooley@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
cpaelzer · Mar 9, 2022 · c641b9a · c641b9a
1 parent 0810491
commit c641b9a
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@ virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (session->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE)
+				return -ENOMEM;
+
 			rte_memcpy(crypto_op_cookie->iv,
 					rte_crypto_op_ctod_offset(cop,
 					uint8_t *, session->iv.offset),