[bug report] crypto: qat - Intel(R) QAT driver framework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Tadeusz Struk,

The patch d8cba25d2c68: "crypto: qat - Intel(R) QAT driver framework"
from Jun 5, 2014, leads to the following static checker warning:

	drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data()
	warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'

drivers/crypto/qat/qat_common/adf_ctl_drv.c
   151  static int adf_add_key_value_data(struct adf_accel_dev *accel_dev,
   152                                    const char *section,
   153                                    const struct adf_user_cfg_key_val *key_val)
   154  {
   155          if (key_val->type == ADF_HEX) {
   156                  long *ptr = (long *)key_val->val;
   157                  long val = *ptr;
   158  
   159                  if (adf_cfg_add_key_value_param(accel_dev, section,
   160                                                  key_val->key, (void *)val,
                                                        ^^^^^^^^^^^^
Not terminated.  We end up adding the named item into a list.  Then we
look it up but when we're looking it up, we don't ensure that those
strings are NUL terminated either so there is a potential that it
overflows beyond the end of the array.

   161                                                  key_val->type)) {
   162                          dev_err(&GET_DEV(accel_dev),
   163                                  "failed to add hex keyvalue.\n");
   164                          return -EFAULT;
   165                  }
   166          } else {
   167                  if (adf_cfg_add_key_value_param(accel_dev, section,
   168                                                  key_val->key, key_val->val,
   169                                                  key_val->type)) {
   170                          dev_err(&GET_DEV(accel_dev),
   171                                  "failed to add keyvalue.\n");
   172                          return -EFAULT;
   173                  }
   174          }
   175          return 0;
   176  }

[ snip ]

   203                  while (params_head) {
   204                          if (copy_from_user(&key_val, (void __user *)params_head,
                                                   ^^^^^^^^
Gets set here.

   205                                             sizeof(key_val))) {
   206                                  dev_err(&GET_DEV(accel_dev),
   207                                          "Failed to copy keyvalue.\n");
   208                                  goto out_err;
   209                          }
   210                          if (adf_add_key_value_data(accel_dev, section.name,
   211                                                     &key_val)) {
   212                                  goto out_err;
   213                          }
   214                          params_head = key_val.next;
   215                  }

See also:
drivers/crypto/qat/qat_common/adf_ctl_drv.c:159 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->key'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:167 adf_add_key_value_data() warn: 'adf_cfg_add_key_value_param' unterminated user string 'key_val->val'
drivers/crypto/qat/qat_common/adf_ctl_drv.c:195 adf_copy_key_value_data() warn: 'adf_cfg_section_add' unterminated user string 'section.name'

regards,
dan carpenter
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux