Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 595a9a12 authored by Monika Singh's avatar Monika Singh
Browse files

crypto: Fix possible stack out of bound error 



Adding fix to check the upper limit on the length
of the destination array while copying elements
from source address to avoid stack out of bound error.

Change-Id: I39d5768fa97f9d269cfb101a389bb771d13c7538
Signed-off-by: default avatarMonika Singh <monising@codeaurora.org>
parent 73db1046

drivers/crypto/msm/qce50.c

+11 −1
Original line number Diff line number Diff line
@@ -2,7 +2,7 @@ 
/*

 * QTI Crypto Engine driver.

 *

 * Copyright (c) 2012-2020, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.

 */



#define pr_fmt(fmt) "QCE50: %s: " fmt, __func__
@@ -860,6 +860,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq, 
		break;

	case CIPHER_ALG_3DES:

		if (creq->mode !=  QCE_MODE_ECB) {

			if (ivsize > MAX_IV_LENGTH) {

				pr_err("%s: error: Invalid length parameter\n",

					 __func__);

				return -EINVAL;

			}

			_byte_stream_to_net_words(enciv32, creq->iv, ivsize);

			pce = cmdlistinfo->encr_cntr_iv;

			pce->data = enciv32[0];
@@ -908,6 +913,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq, 
			}

		}

		if (creq->mode !=  QCE_MODE_ECB) {

			if (ivsize > MAX_IV_LENGTH) {

				pr_err("%s: error: Invalid length parameter\n",

					 __func__);

				return -EINVAL;

			}

			if (creq->mode ==  QCE_MODE_XTS)

				_byte_stream_swap_to_net_words(enciv32,

							creq->iv, ivsize);