crypto: Fix possible stack out of bound error

Adding fix to check upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471 Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
author: Tanwee Kausar <tkausar@codeaurora.org> 2020-08-10 16:10:50 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2020-11-04 20:11:04 -0800
commit: 0ac4b189f1d32a8511f0f3aff88c77ccacc2ab46 (patch)
tree: b6b5081a48781a39483073510087a42eb3599f7a /drivers/crypto
parent: b18a62c574dbdcd145e6ead2fdad481301ab2429 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 598b1aa0f4d7..7740a8c59126 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -1,6 +1,6 @@
 /* Qualcomm Crypto Engine driver.
  *
- * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018, 2020 The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -846,6 +846,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
 	switch (creq->alg) {
 	case CIPHER_ALG_DES:
 		if (creq->mode !=  QCE_MODE_ECB) {
+			if (ivsize > MAX_IV_LENGTH) {
+				pr_err("%s: error: Invalid length parameter\n",
+					 __func__);
+				return -EINVAL;
+			}
 			_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
 			pce = cmdlistinfo->encr_cntr_iv;
 			pce->data = enciv32[0];
author	Tanwee Kausar <tkausar@codeaurora.org>	2020-08-10 16:10:50 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2020-11-04 20:11:04 -0800
commit	0ac4b189f1d32a8511f0f3aff88c77ccacc2ab46 (patch)
tree	b6b5081a48781a39483073510087a42eb3599f7a /drivers/crypto
parent	b18a62c574dbdcd145e6ead2fdad481301ab2429 (diff)