[PATCH] crypto/qat: fix missing copy guards in asym mod

[Arek Kusztal]

This commit fixes missing guards for size of memcpy,
it is needed to prevent faulty access when incorrect length
passed from the user.

Fixes: 3b78aa7b2317 ("crypto/qat: refactor asymmetric crypto functions")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
---
 drivers/crypto/qat/qat_asym.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 82a0450aed..cad04e05b5 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -248,6 +248,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 	uint8_t *modexp_result = asym_op->modex.result.data;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modexp modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modexp_result,
 		cookie->output_array[0] + alg_bytesize
 		- n.length, n.length);
@@ -304,6 +308,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
 	uint8_t *modinv_result = asym_op->modinv.result.data;
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 
+	if (n.length > alg_bytesize) {
+		QAT_LOG(ERR, "Incorrect length of modinv modulus");
+		return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 	rte_memcpy(modinv_result + (asym_op->modinv.result.length
 		- n.length),
 		cookie->output_array[0] + alg_bytesize
-- 
2.13.6