crypto: Fix possible stack out-of-bound error
Adding fix to check the upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538 Signed-off-by: Monika Singh <monising@codeaurora.org>
This commit is contained in:
parent
e6fd34392d
commit
11dc9c9c31
1 changed files with 11 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
/*
|
||||
* QTI Crypto Engine driver.
|
||||
*
|
||||
* Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.
|
||||
*/
|
||||
|
||||
#define pr_fmt(fmt) "QCE50: %s: " fmt, __func__
|
||||
|
@ -922,6 +922,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
|
|||
break;
|
||||
case CIPHER_ALG_3DES:
|
||||
if (creq->mode != QCE_MODE_ECB) {
|
||||
if (ivsize > MAX_IV_LENGTH) {
|
||||
pr_err("%s: error: Invalid length parameter\n",
|
||||
__func__);
|
||||
return -EINVAL;
|
||||
}
|
||||
_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
|
||||
pce = cmdlistinfo->encr_cntr_iv;
|
||||
pce->data = enciv32[0];
|
||||
|
@ -970,6 +975,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
|
|||
}
|
||||
}
|
||||
if (creq->mode != QCE_MODE_ECB) {
|
||||
if (ivsize > MAX_IV_LENGTH) {
|
||||
pr_err("%s: error: Invalid length parameter\n",
|
||||
__func__);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (creq->mode == QCE_MODE_XTS)
|
||||
_byte_stream_swap_to_net_words(enciv32,
|
||||
creq->iv, ivsize);
|
||||
|
|
Loading…
Reference in a new issue