joel16/android_kernel_sony_msm8994
1
0
Fork 0
mirror of https://github.com/joel16/android_kernel_sony_msm8994.git synced 2025-02-25 07:53:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

qcdev: Check the digest length during the SHA operations

Browse Source 
Check the digest length to avoid buffer overflow while
doing the SHA operations.

Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
This commit is contained in:
Brahmaji K 2017-05-15 16:02:15 +05:30 committed by Gerrit - the friendly Code Review server
parent fd98387b3d
commit aaf4a814d9
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
drivers/crypto/msm/qcedev.c
View File

@ -1752,6 +1752,13 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
mutex_unlock(&hash_access_lock);
return err;
}
if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
pr_err("Invalid sha_ctxt.diglen %d\n",
handle->sha_ctxt.diglen);
mutex_unlock(&hash_access_lock);
return -EINVAL;
}
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
memcpy(&qcedev_areq.sha_op_req.digest[0],
&handle->sha_ctxt.digest[0],
@ -1788,6 +1795,13 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
mutex_unlock(&hash_access_lock);
return err;
}
if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
pr_err("Invalid sha_ctxt.diglen %d\n",
handle->sha_ctxt.diglen);
mutex_unlock(&hash_access_lock);
return -EINVAL;
}
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
memcpy(&qcedev_areq.sha_op_req.digest[0],
&handle->sha_ctxt.digest[0],