diff options
| author | Andrey Ryabinin <aryabinin@virtuozzo.com> | 2015-09-10 13:11:55 +0300 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-09-11 22:09:43 +0800 |
| commit | 6fa96d876e74e903518d5989a2aa2f5af90294a1 (patch) | |
| tree | e7af53b7b29ffe865813eefe15f24f428d697c66 /crypto | |
| parent | 97fc4b451d1e513c0b6a5296a584a3b18afeb8d7 (diff) | |
| download | linux-crypto-6fa96d876e74e903518d5989a2aa2f5af90294a1.tar.gz linux-crypto-6fa96d876e74e903518d5989a2aa2f5af90294a1.zip | |
crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
| -rw-r--r-- | crypto/testmgr.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 35c2de13..fa18753f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, char *xbuf[XBUFSIZE]; char *xoutbuf[XBUFSIZE]; int ret = -ENOMEM; + unsigned int ivsize = crypto_skcipher_ivsize(tfm); if (testmgr_alloc_buf(xbuf)) goto out_nobuf; @@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); @@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, ivsize); else memset(iv, 0, MAX_IVLEN); |