summaryrefslogtreecommitdiffstats
path: root/crypto/testmgr.c
diff options
context:
space:
mode:
authorAndrey Ryabinin <aryabinin@virtuozzo.com>2015-09-10 12:11:55 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2015-09-11 16:09:43 +0200
commit84cba178a3b88efe2668a9039f70abda072faa21 (patch)
tree4ae19b43c59091f110a1094c7de60cd5d249f026 /crypto/testmgr.c
parentcrypto: sunxi-ss - Fix a possible driver hang with ciphers (diff)
downloadlinux-84cba178a3b88efe2668a9039f70abda072faa21.tar.xz
linux-84cba178a3b88efe2668a9039f70abda072faa21.zip
crypto: testmgr - don't copy from source IV too much
While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use crypto_skcipher_ivsize() to get real ivsize and pass it to memcpy. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r--crypto/testmgr.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 35c2de136971..fa18753f5c34 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -940,6 +940,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
char *xbuf[XBUFSIZE];
char *xoutbuf[XBUFSIZE];
int ret = -ENOMEM;
+ unsigned int ivsize = crypto_skcipher_ivsize(tfm);
if (testmgr_alloc_buf(xbuf))
goto out_nobuf;
@@ -975,7 +976,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
continue;
if (template[i].iv)
- memcpy(iv, template[i].iv, MAX_IVLEN);
+ memcpy(iv, template[i].iv, ivsize);
else
memset(iv, 0, MAX_IVLEN);
@@ -1051,7 +1052,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
continue;
if (template[i].iv)
- memcpy(iv, template[i].iv, MAX_IVLEN);
+ memcpy(iv, template[i].iv, ivsize);
else
memset(iv, 0, MAX_IVLEN);