From: "Gonglei (Arei)"
To: Mauro Matteo Cascella, "qemu-devel@nongnu.org"
CC: "mst@redhat.com", "pizhenwei@bytedance.com", "taoym@zju.edu.cn"
Subject: RE: [PATCH v2] virtio-crypto: fix NULL pointer dereference in virtio_crypto_free_request
Date: Tue, 9 May 2023 09:32:24 +0000
In-Reply-To: <20230509075317.1132301-1-mcascell@redhat.com>

> -----Original Message-----
> From: Mauro Matteo Cascella [mailto:mcascell@redhat.com]
> Sent: Tuesday, May 9, 2023 3:53 PM
> To: qemu-devel@nongnu.org
> Cc: mst@redhat.com; Gonglei (Arei);
> pizhenwei@bytedance.com; taoym@zju.edu.cn; mcascell@redhat.com
> Subject: [PATCH v2] virtio-crypto: fix NULL pointer dereference in
> virtio_crypto_free_request
>
> Ensure op_info is not NULL in case of QCRYPTODEV_BACKEND_ALG_SYM
> algtype.
>
> Fixes: 0e660a6f90a ("crypto: Introduce RSA algorithm")
> Signed-off-by: Mauro Matteo Cascella
> Reported-by: Yiming Tao
> ---
> v2:
> - updated 'Fixes:' tag
>
> hw/virtio/virtio-crypto.c | 20 +++++++++++---------
> 1 file changed, 11 insertions(+), 9 deletions(-)
>

Reviewed-by: Gonglei

Regards,
-Gonglei

> diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index > 2fe804510f..c729a1f79e 100644 > --- a/hw/virtio/virtio-crypto.c > +++ b/hw/virtio/virtio-crypto.c > @@ -476,15 +476,17 @@ static void > virtio_crypto_free_request(VirtIOCryptoReq *req) > size_t max_len; > CryptoDevBackendSymOpInfo *op_info =3D > req->op_info.u.sym_op_info; >=20 > - max_len =3D op_info->iv_len + > - op_info->aad_len + > - op_info->src_len + > - op_info->dst_len + > - op_info->digest_result_len; > - > - /* Zeroize and free request data structure */ > - memset(op_info, 0, sizeof(*op_info) + max_len); > - g_free(op_info); > + if (op_info) { > + max_len =3D op_info->iv_len + > + op_info->aad_len + > + op_info->src_len + > + op_info->dst_len + > + op_info->digest_result_len; > + > + /* Zeroize and free request data structure */ > + memset(op_info, 0, sizeof(*op_info) + max_len); > + g_free(op_info); > + } > } else if (req->flags =3D=3D QCRYPTODEV_BACKEND_ALG_ASYM) { > CryptoDevBackendAsymOpInfo *op_info =3D > req->op_info.u.asym_op_info; > if (op_info) { > -- > 2.40.1
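
Review bot: Inside the new `if (op_info)` block, the zeroize length passed to memset() is still rebuilt from five length fields read out of op_info itself (iv_len, aad_len, src_len, dst_len, digest_result_len), so the wipe is only in bounds if that sum matches the size the buffer was allocated with. A short comment stating that invariant, or wiping with a size recorded at allocation time, would make the block easier to audit. Two smaller points: `size_t max_len;` is now used only inside the guarded block and could be declared there, and the commit message would be more useful if it named the path on which a request reaches virtio_crypto_free_request() with QCRYPTODEV_BACKEND_ALG_SYM set but sym_op_info still NULL, since that decides how the fix should be backported and triaged.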