Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b19ac053 authored by Brahmaji K's avatar Brahmaji K Committed by Gerrit - the friendly Code Review server
Browse files

qcdev: Check the digest length during the SHA operations 



Check the digest length to avoid buffer overflow while
doing the SHA operations.

Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1
Signed-off-by: default avatarBrahmaji K <bkomma@codeaurora.org>
parent 822fa236

drivers/crypto/msm/qcedev.c

+12 −0
Original line number Diff line number Diff line
@@ -1741,6 +1741,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg) 
			mutex_unlock(&hash_access_lock);

			return err;

		}

		if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {

			pr_err("Invalid sha_ctxt.diglen %d\n",

					handle->sha_ctxt.diglen);

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;

		memcpy(&qcedev_areq.sha_op_req.digest[0],

				&handle->sha_ctxt.digest[0],
@@ -1777,6 +1783,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg) 
			mutex_unlock(&hash_access_lock);

			return err;

		}

		if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {

			pr_err("Invalid sha_ctxt.diglen %d\n",

					handle->sha_ctxt.diglen);

			mutex_unlock(&hash_access_lock);

			return -EINVAL;

		}

		qcedev_areq.sha_op_req.diglen =	handle->sha_ctxt.diglen;

		memcpy(&qcedev_areq.sha_op_req.digest[0],

				&handle->sha_ctxt.digest[0],