crypto: testmgr - don't copy from source IV too much

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Andrey Ryabinin and committed by

Herbert Xu 10 years ago 84cba178 9da75de0

+3 -2

1 changed file

expand all

crypto

testmgr.c

+3 -2

crypto/testmgr.c

··· 940 940 char *xbuf[XBUFSIZE]; 941 941 char *xoutbuf[XBUFSIZE]; 942 942 int ret = -ENOMEM; 943 + unsigned int ivsize = crypto_skcipher_ivsize(tfm); 943 944 944 945 if (testmgr_alloc_buf(xbuf)) 945 946 goto out_nobuf; ··· 976 975 continue; 977 976 978 977 if (template[i].iv) 979 - memcpy(iv, template[i].iv, MAX_IVLEN); 978 + memcpy(iv, template[i].iv, ivsize); 980 979 else 981 980 memset(iv, 0, MAX_IVLEN); 982 981 ··· 1052 1051 continue; 1053 1052 1054 1053 if (template[i].iv) 1055 - memcpy(iv, template[i].iv, MAX_IVLEN); 1054 + memcpy(iv, template[i].iv, ivsize); 1056 1055 else 1057 1056 memset(iv, 0, MAX_IVLEN); 1058 1057