From: Dan Carpenter <dan.carpenter@oracle.com>
To: tadeusz.struk@intel.com
Cc: qat-linux@intel.com, linux-crypto@vger.kernel.org
Subject: [bug report] crypto: qat - Intel(R) QAT driver framework
Date: Tue, 28 May 2019 13:57:10 +0300 [thread overview]
Message-ID: <20190528105709.GA3643@mwanda> (raw)
Hello Tadeusz Struk,
The patch d8cba25d2c68: "crypto: qat - Intel(R) QAT driver framework"
from Jun 5, 2014, leads to the following static checker warning:
drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data()
warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c
151 static int adf_add_key_value_data(struct adf_accel_dev *accel_dev,
152 const char *section,
153 const struct adf_user_cfg_key_val *key_val)
154 {
155 if (key_val->type == ADF_HEX) {
156 long *ptr = (long *)key_val->val;
157 long val = *ptr;
158
159 if (adf_cfg_add_key_value_param(accel_dev, section,
160 key_val->key, (void *)val,
^^^^^^^^^^^^
Not terminated. We end up adding the named item into a list. Then we
look it up but when we're looking it up, we don't ensure that those
strings are NUL terminated either so there is a potential that it
overflows beyond the end of the array.
161 key_val->type)) {
162 dev_err(&GET_DEV(accel_dev),
163 "failed to add hex keyvalue.\n");
164 return -EFAULT;
165 }
166 } else {
167 if (adf_cfg_add_key_value_param(accel_dev, section,
168 key_val->key, key_val->val,
169 key_val->type)) {
170 dev_err(&GET_DEV(accel_dev),
171 "failed to add keyvalue.\n");
172 return -EFAULT;
173 }
174 }
175 return 0;
176 }
[ snip ]
203 while (params_head) {
204 if (copy_from_user(&key_val, (void __user *)params_head,
^^^^^^^^
Gets set here.
205 sizeof(key_val))) {
206 dev_err(&GET_DEV(accel_dev),
207 "Failed to copy keyvalue.\n");
208 goto out_err;
209 }
210 if (adf_add_key_value_data(accel_dev, section.name,
211 &key_val)) {
212 goto out_err;
213 }
214 params_head = key_val.next;
215 }
See also:
drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->val'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:195 adf_copy_key_value_data() warn: 'adf_cfg_section_add' unterminated user string 'section.name'
regards,
dan carpenter
reply other threads:[~2019-05-28 10:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190528105709.GA3643@mwanda \
--to=dan.carpenter@oracle.com \
--cc=linux-crypto@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=tadeusz.struk@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).