crypto: Fix possible stack out of bound error

Adding fix to check the upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: I783f8ab3eb5a94cf503f831df8325c214ca710e4 Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
2020-10-13 17:17:17 -07:00 · 2020-10-13 17:17:17 -07:00 · c5366f4da3
parent c9f4b0f0ca
commit c5366f4da3
1 changed files with 6 additions and 1 deletions
--- a/drivers/crypto/msm/qce.c
+++ b/drivers/crypto/msm/qce.c
@ -1,6 +1,6 @@
 /* Qualcomm Crypto Engine driver.
 *
- * Copyright (c) 2010-2016, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2010-2016, 2020 The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@ -768,6 +768,11 @@ static int _ce_setup(struct qce_device *pce_dev, struct qce_req *q_req,
 	switch (q_req->alg) {
 	case CIPHER_ALG_DES:
 		if (q_req->mode !=  QCE_MODE_ECB) {
+			if (ivsize > MAX_IV_LENGTH) {
+				pr_err("%s: error: Invalid length parameter\n",
+					 __func__);
+				return -EINVAL;
+			}
 			_byte_stream_to_net_words(enciv32, q_req->iv, ivsize);
 			writel_relaxed(enciv32[0], pce_dev->iobase +
 						CRYPTO_CNTR0_IV0_REG);