crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use crypto_skcipher_ivsize() to get real ivsize and pass it to memcpy. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
9da75de030
commit
84cba178a3
|
@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
|
|||
char *xbuf[XBUFSIZE];
|
||||
char *xoutbuf[XBUFSIZE];
|
||||
int ret = -ENOMEM;
|
||||
unsigned int ivsize = crypto_skcipher_ivsize(tfm);
|
||||
|
||||
if (testmgr_alloc_buf(xbuf))
|
||||
goto out_nobuf;
|
||||
|
@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
|
|||
continue;
|
||||
|
||||
if (template[i].iv)
|
||||
memcpy(iv, template[i].iv, MAX_IVLEN);
|
||||
memcpy(iv, template[i].iv, ivsize);
|
||||
else
|
||||
memset(iv, 0, MAX_IVLEN);
|
||||
|
||||
|
@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
|
|||
continue;
|
||||
|
||||
if (template[i].iv)
|
||||
memcpy(iv, template[i].iv, MAX_IVLEN);
|
||||
memcpy(iv, template[i].iv, ivsize);
|
||||
else
|
||||
memset(iv, 0, MAX_IVLEN);
|
||||
|
||||
|
|
Loading…
Reference in New Issue