diff options
author | Andrey Ryabinin <aryabinin@virtuozzo.com> | 2015-09-10 13:11:55 +0300 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-09-11 22:09:43 +0800 |
commit | 84cba178a3b88efe2668a9039f70abda072faa21 (patch) | |
tree | 4ae19b43c59091f110a1094c7de60cd5d249f026 | |
parent | 9da75de030bb6e49475ef37c8495d07e98cfeb33 (diff) | |
download | op-kernel-dev-84cba178a3b88efe2668a9039f70abda072faa21.zip op-kernel-dev-84cba178a3b88efe2668a9039f70abda072faa21.tar.gz |
crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/testmgr.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 35c2de1..fa18753 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, char *xbuf[XBUFSIZE]; char *xoutbuf[XBUFSIZE]; int ret = -ENOMEM; + unsigned int ivsize = crypto_skcipher_ivsize(tfm); if (testmgr_alloc_buf(xbuf)) goto out_nobuf; @@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); @@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); |