Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b78e7891 authored by Tanwee Kausar's avatar Tanwee Kausar Committed by Gerrit - the friendly Code Review server
Browse files

crypto: Fix possible stack out of bound error 



Adding fix to check upper limit on the length
of the destination array while copying element from
source address to avoid stack out of bound error.

Change-Id: I71ab7c8045f300623e4d906a764940dbcc88c878
Signed-off-by: default avatarTanwee Kausar <tkausar@codeaurora.org>
parent b18a62c5

drivers/crypto/msm/qce.c

+6 −1
Original line number Diff line number Diff line 
/* Qualcomm Crypto Engine driver.

 *

 * Copyright (c) 2010-2016, The Linux Foundation. All rights reserved.

 * Copyright (c) 2010-2016, 2020 The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -768,6 +768,11 @@ static int _ce_setup(struct qce_device *pce_dev, struct qce_req *q_req, 
	switch (q_req->alg) {

	case CIPHER_ALG_DES:

		if (q_req->mode !=  QCE_MODE_ECB) {

			if (ivsize > MAX_IV_LENGTH) {

				pr_err("%s: error: Invalid length parameter\n",

					 __func__);

				return -EINVAL;

			}

			_byte_stream_to_net_words(enciv32, q_req->iv, ivsize);

			writel_relaxed(enciv32[0], pce_dev->iobase +

						CRYPTO_CNTR0_IV0_REG);