Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

crypto: testmgr - don't copy from source IV too much

While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Andrey Ryabinin 10 years ago
parent
9da75de030
commit
84cba178a3
1 changed files with 3 additions and 2 deletions
Unified View Show Diff Stats
  1. 3 2
      crypto/testmgr.c

+ 3 - 2
crypto/testmgr.c
View File 

@@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
 
 	char *xbuf[XBUFSIZE];
 
 	char *xbuf[XBUFSIZE];
 
 	char *xoutbuf[XBUFSIZE];
 
 	char *xoutbuf[XBUFSIZE];
 
 	int ret = -ENOMEM;
 
 	int ret = -ENOMEM;
 
+	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
 
 
 
 	if (testmgr_alloc_buf(xbuf))
 
 	if (testmgr_alloc_buf(xbuf))
 
 		goto out_nobuf;
 
 		goto out_nobuf;
 
@@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
 
 			continue;
 
 			continue;
 
 
 
 		if (template[i].iv)
 
 		if (template[i].iv)
 
-			memcpy(iv, template[i].iv, MAX_IVLEN);
 
+			memcpy(iv, template[i].iv, ivsize);
 
 		else
 
 		else
 
 			memset(iv, 0, MAX_IVLEN);
 
 			memset(iv, 0, MAX_IVLEN);
 
 
 
@@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
 
 			continue;
 
 			continue;
 
 
 
 		if (template[i].iv)
 
 		if (template[i].iv)
 
-			memcpy(iv, template[i].iv, MAX_IVLEN);
 
+			memcpy(iv, template[i].iv, ivsize);
 
 		else
 
 		else
 
 			memset(iv, 0, MAX_IVLEN);
 
 			memset(iv, 0, MAX_IVLEN);