[PATCH] crypto/testmgr: don't copy from source IV too much

From: Andrey Ryabinin
Date: Thu Sep 03 2015 - 07:32:38 EST

Next message: Andrey Ryabinin: "[PATCH] x86/crypto/ghash-intel: specify context size for ghash async algorithm"
Previous message: Albino B Neto: "Re: [GIT PULL] Ext3 removal, quota & udf fixes"
Next in thread: Andrey Ryabinin: "[PATCH] x86/crypto/ghash-intel: specify context size for ghash async algorithm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller. Thus
copying it via memcpy() leads to invalid memory access.
Use strlcpy() instead.

Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxx>
---
crypto/testmgr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index d0a42bd..d85221c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -974,7 +974,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc,
continue;

if (template[i].iv)
- memcpy(iv, template[i].iv, MAX_IVLEN);
+ strlcpy(iv, template[i].iv, MAX_IVLEN);
else
memset(iv, 0, MAX_IVLEN);

@@ -1049,7 +1049,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc,
continue;

if (template[i].iv)
- memcpy(iv, template[i].iv, MAX_IVLEN);
+ strlcpy(iv, template[i].iv, MAX_IVLEN);
else
memset(iv, 0, MAX_IVLEN);

--
2.4.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrey Ryabinin: "[PATCH] x86/crypto/ghash-intel: specify context size for ghash async algorithm"
Previous message: Albino B Neto: "Re: [GIT PULL] Ext3 removal, quota & udf fixes"
Next in thread: Andrey Ryabinin: "[PATCH] x86/crypto/ghash-intel: specify context size for ghash async algorithm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]