From c9f4b0f0ca8a1e35af685c36560083367cfdf8f3 Mon Sep 17 00:00:00 2001
From: Tanwee Kausar <tkausar@codeaurora.org>
Date: Mon, 10 Aug 2020 16:10:50 -0700
Subject: [PATCH] crypto: Fix possible stack out of bound error

Adding fix to check the upper limit on the length
of the destination array while copying elements from
source address to avoid stack out of bound error.

Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471
Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>
---
 drivers/crypto/msm/qce50.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 9378eb7e3cac..4dffe02f4b89 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -781,6 +781,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq,
 	switch (creq->alg) {
 	case CIPHER_ALG_DES:
 		if (creq->mode !=  QCE_MODE_ECB) {
+			if (ivsize > MAX_IV_LENGTH) {
+				pr_err("%s: error: Invalid length parameter\n",
+					 __func__);
+				return -EINVAL;
+			}
 			_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
 			pce = cmdlistinfo->encr_cntr_iv;
 			pce->data = enciv32[0];