Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ca2f74a9 authored by Monika Singh's avatar Monika Singh Committed by Gerrit - the friendly Code Review server
Browse files

crypto: Fix possible stack out-of-bound error 



Adding fix to check the upper limit on the length
of the destination array while copying elements
from source address to avoid stack out of bound error.

Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538
Signed-off-by: default avatarMonika Singh <monising@codeaurora.org>
parent 08d69389

drivers/crypto/msm/qce50.c

+11 −1
Original line number Diff line number Diff line 
/*

 * QTI Crypto Engine driver.

 *

 * Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -870,6 +870,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq, 
		break;

	case CIPHER_ALG_3DES:

		if (creq->mode !=  QCE_MODE_ECB) {

			if (ivsize > MAX_IV_LENGTH) {

				pr_err("%s: error: Invalid length parameter\n",

					 __func__);

				return -EINVAL;

			}

			_byte_stream_to_net_words(enciv32, creq->iv, ivsize);

			pce = cmdlistinfo->encr_cntr_iv;

			pce->data = enciv32[0];
@@ -918,6 +923,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq, 
			}

		}

		if (creq->mode !=  QCE_MODE_ECB) {

			if (ivsize > MAX_IV_LENGTH) {

				pr_err("%s: error: Invalid length parameter\n",

					 __func__);

				return -EINVAL;

			}

			if (creq->mode ==  QCE_MODE_XTS)

				_byte_stream_swap_to_net_words(enciv32,

							creq->iv, ivsize);