From b78e7891460c591ccadc44baf83bd8982fd4fba5 Mon Sep 17 00:00:00 2001 From: Tanwee Kausar Date: Tue, 13 Oct 2020 09:56:07 -0700 Subject: crypto: Fix possible stack out of bound error Adding fix to check upper limit on the length of the destination array while copying element from source address to avoid stack out of bound error. Change-Id: I71ab7c8045f300623e4d906a764940dbcc88c878 Signed-off-by: Tanwee Kausar --- drivers/crypto/msm/qce.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/msm/qce.c b/drivers/crypto/msm/qce.c index 4cf95b90a2df..53c07aacc145 100644 --- a/drivers/crypto/msm/qce.c +++ b/drivers/crypto/msm/qce.c @@ -1,6 +1,6 @@ /* Qualcomm Crypto Engine driver. * - * Copyright (c) 2010-2016, The Linux Foundation. All rights reserved. + * Copyright (c) 2010-2016, 2020 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -768,6 +768,11 @@ static int _ce_setup(struct qce_device *pce_dev, struct qce_req *q_req, switch (q_req->alg) { case CIPHER_ALG_DES: if (q_req->mode != QCE_MODE_ECB) { + if (ivsize > MAX_IV_LENGTH) { + pr_err("%s: error: Invalid length parameter\n", + __func__); + return -EINVAL; + } _byte_stream_to_net_words(enciv32, q_req->iv, ivsize); writel_relaxed(enciv32[0], pce_dev->iobase + CRYPTO_CNTR0_IV0_REG); -- cgit v1.2.3