On Fri, 2022-10-07 at 19:09 +0000, Elliott, Robert (Servers) wrote:
> > -----Original Message-----
> > From: gjoyce@xxxxxxxxxxxxxxxxxx <gjoyce@xxxxxxxxxxxxxxxxxx>
> > Sent: Friday, August 19, 2022 5:32 PM
> > To: linux-block@xxxxxxxxxxxxxxx
> > Cc: linuxppc-dev@xxxxxxxxxxxxxxxx; jonathan.derrick@xxxxxxxxx;
> > brking@xxxxxxxxxxxxxxxxxx; msuchanek@xxxxxxx; mpe@xxxxxxxxxxxxxx;
> > nayna@xxxxxxxxxxxxx; axboe@xxxxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx;
> > gjoyce@xxxxxxxxxxxxxxxxxx; linux-efi@xxxxxxxxxxxxxxx;
> > keyrings@xxxxxxxxxxxxxxx; dhowells@xxxxxxxxxx; jarkko@xxxxxxxxxx
> > Subject: [PATCH v4 2/3] powerpc/pseries: PLPKS SED Opal keystore
> > support
> >
> > +++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> ...
> > +struct plpks_sed_object_data {
> > + u_char version;
> > + u_char pad1[7];
> > + u_long authority;
> > + u_long range;
> > + u_int key_len;
> > + u_char key[32];
> > +};
> ...
> > +/*
> > + * Read the SED Opal key from PLPKS given the label
> > + */
> > +int sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> ...
> > + *keylen = be32_to_cpu(data->key_len);
> > +
> > + if (var.data) {
> > + memcpy(key, var.data + offset, var.datalen - offset);
> > + key[*keylen] = '\0';
>
> Is there a guarantee that key_len is always < sizeof key, or
> does that need to be checked in more places?
Changed keylen paramter to be the maximum size that it copied. This
will help avoid buffer overwrite.
