The 'queue_index' of create/close_session function
is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'.
This leads oob access. This patch avoid this.
Signed-off-by: Li Qiang <liq...@163.com>
---
backends/cryptodev-vhost-user.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 1052a5d0e9..36a40eeb4d 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
{
+ assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
CryptoDevBackendClient *cc =
backend->conf.peers.ccs[queue_index];
CryptoDevBackendVhost *vhost_crypto;
@@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
{
+ assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
+
CryptoDevBackendClient *cc =
backend->conf.peers.ccs[queue_index];
CryptoDevBackendVhost *vhost_crypto;
--
2.17.1
