diff options
author | Eric Biggers <ebiggers@google.com> | 2018-07-27 15:36:10 -0700 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-08-03 18:06:06 +0800 |
commit | 10bbc52977a8fd323c8c6f8eb73bff9fead1abfa (patch) | |
tree | 96649f57c67330deb5284ee6e49338504c8488d7 /crypto/dh_helper.c | |
parent | 40f6ea894d5da061e92946d28fc9bc44bdfb597c (diff) | |
download | linux-crypto-10bbc52977a8fd323c8c6f8eb73bff9fead1abfa.tar.gz linux-crypto-10bbc52977a8fd323c8c6f8eb73bff9fead1abfa.zip |
crypto: dh - fix calculating encoded key size
It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size',
causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and
an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and
fix the lengths of the test vectors to match this.
Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com
Fixes: 2fefd42016a3 ("crypto: dh - add public key verification test")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/dh_helper.c')
-rw-r--r-- | crypto/dh_helper.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index a7de3d9c..db9b2d9c 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -14,7 +14,7 @@ #include <crypto/dh.h> #include <crypto/kpp.h> -#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 3 * sizeof(int)) +#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int)) static inline u8 *dh_pack_data(void *dst, const void *src, size_t size) { |