summaryrefslogtreecommitdiffstats
path: root/crypto/dh_helper.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2018-07-28 00:36:10 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2018-08-03 12:06:06 +0200
commit35f7d5225ffcbf1b759f641aec1735e3a89b1914 (patch)
tree8e433b5ee404d6f4ed9a4319f0358ef6b5fb7f42 /crypto/dh_helper.c
parentcrypto: ccp - Check for NULL PSP pointer at module unload (diff)
downloadlinux-35f7d5225ffcbf1b759f641aec1735e3a89b1914.tar.xz
linux-35f7d5225ffcbf1b759f641aec1735e3a89b1914.zip
crypto: dh - fix calculating encoded key size
It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size', causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and fix the lengths of the test vectors to match this. Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com Fixes: e3fe0ae12962 ("crypto: dh - add public key verification test") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/dh_helper.c')
-rw-r--r--crypto/dh_helper.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index a7de3d9ce5ac..db9b2d9c58f0 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -14,7 +14,7 @@
#include <crypto/dh.h>
#include <crypto/kpp.h>
-#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 3 * sizeof(int))
+#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int))
static inline u8 *dh_pack_data(void *dst, const void *src, size_t size)
{