While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller. Thus copying it via memcpy() leads to invalid memory access. Use strlcpy() instead. Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxx> --- crypto/testmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d0a42bd..d85221c 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -974,7 +974,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + strlcpy(iv, template[i].iv, MAX_IVLEN); else memset(iv, 0, MAX_IVLEN); @@ -1049,7 +1049,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, continue; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + strlcpy(iv, template[i].iv, MAX_IVLEN); else memset(iv, 0, MAX_IVLEN); -- 2.4.6 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
