asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crypto: Fix possible stack out-of-bound error

Browse source 
Adding fix to check the upper limit on the length
of the destination array while copying elements
from source address to avoid stack out of bound error.

Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538
Signed-off-by: Monika Singh <monising@codeaurora.org>
This commit is contained in:
Monika Singh 2021-02-01 17:02:57 +05:30
parent e6fd34392d
commit 11dc9c9c31
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
drivers/crypto/msm/qce50.c
View file

@ -2,7 +2,7 @@
/*
* QTI Crypto Engine driver.
*
* Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.
* Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.
*/
#define pr_fmt(fmt) "QCE50: %s: " fmt, __func__
@ -922,6 +922,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
break;
case CIPHER_ALG_3DES:
if (creq->mode != QCE_MODE_ECB) {
if (ivsize > MAX_IV_LENGTH) {
pr_err("%s: error: Invalid length parameter\n",
__func__);
return -EINVAL;
}
_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
pce = cmdlistinfo->encr_cntr_iv;
pce->data = enciv32[0];
@ -970,6 +975,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
}
}
if (creq->mode != QCE_MODE_ECB) {
if (ivsize > MAX_IV_LENGTH) {
pr_err("%s: error: Invalid length parameter\n",
__func__);
return -EINVAL;
}
if (creq->mode == QCE_MODE_XTS)
_byte_stream_swap_to_net_words(enciv32,
creq->iv, ivsize);