Commit 6f030723 authored by Dan Carpenter's avatar Dan Carpenter Committed by Ye Bin
Browse files

crypto: qat/qat_420xx - fix off by one in uof_get_name() 

mainline inclusion
from mainline-v6.13-rc1
commit 93a11608fb3720e1bc2b19a2649ac2b49cca1921
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGV
CVE: CVE-2024-53163

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93a11608fb3720e1bc2b19a2649ac2b49cca1921



----------------------------------------------------------------------

This is called from uof_get_name_420xx() where "num_objs" is the
ARRAY_SIZE() of fw_objs[].  The > needs to be >= to prevent an out of
bounds access.

Fixes: fcf60f4bcf54 ("crypto: qat - add support for 420xx devices")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
Acked-by: default avatarGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
parent 8fc66242

drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c

+1 −1
Original line number Diff line number Diff line
@@ -375,7 +375,7 @@ static const char *uof_get_name(struct adf_accel_dev *accel_dev, u32 obj_num, 
	else

		id = -EINVAL;



	if (id < 0 || id > num_objs)

	if (id < 0 || id >= num_objs)

		return NULL;



	return fw_objs[id];