[PATCH] crypto: bcm/spu2

From: Aleksandr Mishin
Date: Wed Mar 06 2024 - 06:02:42 EST

Next message: Manivannan Sadhasivam: "Re: [PATCH v4 3/5] PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p"
Previous message: kernel test robot: "[gustavoars:testing/WFAMNAE-next20240229] BUILD SUCCESS faf7e530782e8f29af8a30ce7b9d2330bedd025d"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.

Fix this bug by changing ciph_key_len to hash_iv_len.

Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver")

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx>
---
drivers/crypto/bcm/spu2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/bcm/spu2.c b/drivers/crypto/bcm/spu2.c
index 07989bb8c220..3fdc64b5a65e 100644
--- a/drivers/crypto/bcm/spu2.c
+++ b/drivers/crypto/bcm/spu2.c
@@ -495,7 +495,7 @@ static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len,
if (hash_iv_len) {
packet_log(" Hash IV Length %u bytes\n", hash_iv_len);
packet_dump(" hash IV: ", ptr, hash_iv_len);
- ptr += ciph_key_len;
+ ptr += hash_iv_len;
}

if (ciph_iv_len) {
--
2.30.2

Next message: Manivannan Sadhasivam: "Re: [PATCH v4 3/5] PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p"
Previous message: kernel test robot: "[gustavoars:testing/WFAMNAE-next20240229] BUILD SUCCESS faf7e530782e8f29af8a30ce7b9d2330bedd025d"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]