qcdev: Check the digest length during the SHA operations
Check the digest length to avoid buffer overflow while doing the SHA operations. Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1 Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
This commit is contained in:
Brahmaji K
Gerrit - the friendly Code Review server
parent
75a9d0fee5
commit
df7052e30b
1 changed files with 12 additions and 0 deletions
|
|
@ -1741,6 +1741,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
|
||||||
mutex_unlock(&hash_access_lock);
|
mutex_unlock(&hash_access_lock);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
|
||||||
|
pr_err("Invalid sha_ctxt.diglen %d\n",
|
||||||
|
handle->sha_ctxt.diglen);
|
||||||
|
mutex_unlock(&hash_access_lock);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
|
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
|
||||||
memcpy(&qcedev_areq.sha_op_req.digest[0],
|
memcpy(&qcedev_areq.sha_op_req.digest[0],
|
||||||
&handle->sha_ctxt.digest[0],
|
&handle->sha_ctxt.digest[0],
|
||||||
|
|
@ -1777,6 +1783,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
|
||||||
mutex_unlock(&hash_access_lock);
|
mutex_unlock(&hash_access_lock);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
|
||||||
|
pr_err("Invalid sha_ctxt.diglen %d\n",
|
||||||
|
handle->sha_ctxt.diglen);
|
||||||
|
mutex_unlock(&hash_access_lock);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
|
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
|
||||||
memcpy(&qcedev_areq.sha_op_req.digest[0],
|
memcpy(&qcedev_areq.sha_op_req.digest[0],
|
||||||
&handle->sha_ctxt.digest[0],
|
&handle->sha_ctxt.digest[0],
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue