Am Mittwoch, 9. September 2015, 09:46:36 schrieb Tadeusz Struk: Hi Tadeusz, >On 09/09/2015 09:39 AM, Stephan Mueller wrote: >>> No, because it can return -EINVAL if you call it before you set the key. >> >> I see. >> >> But, shouldn't there be an overflow check? Maybe not here, but in the cases >> where the function is invoked. There is a kmalloc(src_len) without a check >> for negative values. > >Right, but because testmgr.c calls setkey before this I skipped the check. But in the rsa.c enc/dec/verify/sign functions, there should be such check, I would guess. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html