From: Shant KumarX Sonnad <shant.kumarx.sonnad@xxxxxxxxx> The offset is calculated based on type of hash algorithum. If the algorithum is invalid the offset can have negative value. Hence added negative offset check and return -EFAULT. Reviewed-by: Conor Mcloughlin <conor.mcloughlin@xxxxxxxxx> Tested-by: Sergey Portnoy <sergey.portnoy@xxxxxxxxx> Signed-off-by: Shant KumarX Sonnad <shant.kumarx.sonnad@xxxxxxxxx> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx> --- drivers/crypto/qat/qat_common/qat_algs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index 413e05e8891e..b60156d987eb 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -222,6 +222,9 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, return -EFAULT; offset = round_up(qat_get_inter_state_size(ctx->qat_hash_alg), 8); + if (offset < 0) + return -EFAULT; + hash_state_out = (__be32 *)(hash->sha.state1 + offset); hash512_state_out = (__be64 *)hash_state_out; -- 2.20.1
