[Devel] [PATCH RHEL7 COMMIT] ms/crypto: testmgr - don't copy from source IV too much

Konstantin Khorenko khorenko at virtuozzo.com
Mon Oct 24 05:34:11 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.36.1.vz7.19.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.36.1.vz7.19.3
------>
commit a9b804c124375e5dd423e23a44245261c6c12ee9
Author: Andrey Ryabinin <aryabinin at virtuozzo.com>
Date:   Mon Oct 24 16:34:11 2016 +0400

    ms/crypto: testmgr - don't copy from source IV too much
    
    While the destination buffer 'iv' is MAX_IVLEN size,
    the source 'template[i].iv' could be smaller, thus
    memcpy may read read invalid memory.
    Use crypto_skcipher_ivsize() to get real ivsize
    and pass it to memcpy.
    
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
    
    Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
    (cherry picked from commit 84cba178a3b88efe2668a9039f70abda072faa21)
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 crypto/testmgr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 2fb2f95..6b6c650 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -843,6 +843,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc,
 	char *xbuf[XBUFSIZE];
 	char *xoutbuf[XBUFSIZE];
 	int ret = -ENOMEM;
+	unsigned int ivsize = crypto_ablkcipher_ivsize(tfm);
 
 	if (testmgr_alloc_buf(xbuf))
 		goto out_nobuf;
@@ -875,7 +876,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc,
 	j = 0;
 	for (i = 0; i < tcount; i++) {
 		if (template[i].iv)
-			memcpy(iv, template[i].iv, MAX_IVLEN);
+			memcpy(iv, template[i].iv, ivsize);
 		else
 			memset(iv, 0, MAX_IVLEN);
 
@@ -950,7 +951,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc,
 	for (i = 0; i < tcount; i++) {
 
 		if (template[i].iv)
-			memcpy(iv, template[i].iv, MAX_IVLEN);
+			memcpy(iv, template[i].iv, ivsize);
 		else
 			memset(iv, 0, MAX_IVLEN);
 


More information about the Devel mailing list