[PATCH] crypto: talitos - fix bug in sg_copy_end_to_buffer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In function sg_copy_end_to_buffer, too much data
is copied when a segment in the scatterlist
has .length greater than the requested copy length.

This patch adds the limit checks to fix this bug of over copying,
which affected only the ahash algorithms.

Signed-off-by: Lee Nipper <lee.nipper@xxxxxxxxx>
---
Kim, this corrects the problem causing exceptions
for tcrypt tests 402, 403, and 404.
With this patch the tcrypt tests run through ok.

 drivers/crypto/talitos.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 0f2483e..e058987 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1183,10 +1183,14 @@ static size_t sg_copy_end_to_buffer(struct scatterlist *sgl, unsigned int nents,
 				/* Copy part of this segment */
 				ignore = skip - offset;
 				len = miter.length - ignore;
+				if ((boffset + len) > buflen)
+					len = buflen - boffset;
 				memcpy(buf + boffset, miter.addr + ignore, len);
 			} else {
-				/* Copy all of this segment */
+				/* Copy all of this segment (up to buflen) */
 				len = miter.length;
+				if ((boffset + len) > buflen)
+					len = buflen - boffset;
 				memcpy(buf + boffset, miter.addr, len);
 			}
 			boffset += len;
-- 
1.6.0.4

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux