Commit 84cba178 authored by Andrey Ryabinin's avatar Andrey Ryabinin Committed by Herbert Xu

crypto: testmgr - don't copy from source IV too much

While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.
Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 9da75de0
...@@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, ...@@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
char *xbuf[XBUFSIZE]; char *xbuf[XBUFSIZE];
char *xoutbuf[XBUFSIZE]; char *xoutbuf[XBUFSIZE];
int ret = -ENOMEM; int ret = -ENOMEM;
unsigned int ivsize = crypto_skcipher_ivsize(tfm);
if (testmgr_alloc_buf(xbuf)) if (testmgr_alloc_buf(xbuf))
goto out_nobuf; goto out_nobuf;
...@@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, ...@@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
continue; continue;
if (template[i].iv) if (template[i].iv)
memcpy(iv, template[i].iv, MAX_IVLEN); memcpy(iv, template[i].iv, ivsize);
else else
memset(iv, 0, MAX_IVLEN); memset(iv, 0, MAX_IVLEN);
...@@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, ...@@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
continue; continue;
if (template[i].iv) if (template[i].iv)
memcpy(iv, template[i].iv, MAX_IVLEN); memcpy(iv, template[i].iv, ivsize);
else else
memset(iv, 0, MAX_IVLEN); memset(iv, 0, MAX_IVLEN);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment