summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorTero Kristo <t-kristo@ti.com>2020-05-27 14:24:26 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2020-06-04 14:03:41 +0200
commit6395166d7a19019d5e9574eb9ecdaf0028abb887 (patch)
tree69cfb4122752292738b32d76ec349b417937805a /drivers
parentcrypto: omap-crypto - fix userspace copied buffer access (diff)
downloadlinux-6395166d7a19019d5e9574eb9ecdaf0028abb887.tar.xz
linux-6395166d7a19019d5e9574eb9ecdaf0028abb887.zip
crypto: omap-sham - huge buffer access fixes
The ctx internal buffer can only hold buflen amount of data, don't try to copy over more than that. Also, initialize the context sg pointer if we only have data in the context internal buffer, this can happen when closing a hash with certain data amounts. Signed-off-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/crypto/omap-sham.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 34ecace14360..5efc66ccef46 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -750,8 +750,15 @@ static int omap_sham_align_sgs(struct scatterlist *sg,
int offset = rctx->offset;
int bufcnt = rctx->bufcnt;
- if (!sg || !sg->length || !nbytes)
+ if (!sg || !sg->length || !nbytes) {
+ if (bufcnt) {
+ sg_init_table(rctx->sgl, 1);
+ sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, bufcnt);
+ rctx->sg = rctx->sgl;
+ }
+
return 0;
+ }
new_len = nbytes;
@@ -895,7 +902,7 @@ static int omap_sham_prepare_request(struct ahash_request *req, bool update)
if (hash_later < 0)
hash_later = 0;
- if (hash_later) {
+ if (hash_later && hash_later <= rctx->buflen) {
scatterwalk_map_and_copy(rctx->buffer,
req->src,
req->nbytes - hash_later,