* [bug report] crypto: qat - Intel(R) QAT driver framework
@ 2019-05-28 10:57 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2019-05-28 10:57 UTC (permalink / raw)
To: tadeusz.struk; +Cc: qat-linux, linux-crypto
Hello Tadeusz Struk,
The patch d8cba25d2c68: "crypto: qat - Intel(R) QAT driver framework"
from Jun 5, 2014, leads to the following static checker warning:
drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data()
warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c
151 static int adf_add_key_value_data(struct adf_accel_dev *accel_dev,
152 const char *section,
153 const struct adf_user_cfg_key_val *key_val)
154 {
155 if (key_val->type == ADF_HEX) {
156 long *ptr = (long *)key_val->val;
157 long val = *ptr;
158
159 if (adf_cfg_add_key_value_param(accel_dev, section,
160 key_val->key, (void *)val,
^^^^^^^^^^^^
Not terminated. We end up adding the named item into a list. Then we
look it up but when we're looking it up, we don't ensure that those
strings are NUL terminated either so there is a potential that it
overflows beyond the end of the array.
161 key_val->type)) {
162 dev_err(&GET_DEV(accel_dev),
163 "failed to add hex keyvalue.\n");
164 return -EFAULT;
165 }
166 } else {
167 if (adf_cfg_add_key_value_param(accel_dev, section,
168 key_val->key, key_val->val,
169 key_val->type)) {
170 dev_err(&GET_DEV(accel_dev),
171 "failed to add keyvalue.\n");
172 return -EFAULT;
173 }
174 }
175 return 0;
176 }
[ snip ]
203 while (params_head) {
204 if (copy_from_user(&key_val, (void __user *)params_head,
^^^^^^^^
Gets set here.
205 sizeof(key_val))) {
206 dev_err(&GET_DEV(accel_dev),
207 "Failed to copy keyvalue.\n");
208 goto out_err;
209 }
210 if (adf_add_key_value_data(accel_dev, section.name,
211 &key_val)) {
212 goto out_err;
213 }
214 params_head = key_val.next;
215 }
See also:
drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->val'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:195 adf_copy_key_value_data() warn: 'adf_cfg_section_add' unterminated user string 'section.name'
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-05-28 10:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-28 10:57 [bug report] crypto: qat - Intel(R) QAT driver framework Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).