On Thu, Sep 03, 2015 at 02:32:00PM +0300, Andrey Ryabinin wrote: > While the destination buffer 'iv' is MAX_IVLEN size, > the source 'template[i].iv' could be smaller. Thus > copying it via memcpy() leads to invalid memory access. > Use strlcpy() instead. > > Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxx> Thanks for the patch. Unfortunately it's broken because the IV is not a string and can contain NULs. So either fix it by using the real ivsize, or change template[i].iv to a char array. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html