On 09/09/2015 09:49 AM, Stephan Mueller wrote: >>> >> But, shouldn't there be an overflow check? Maybe not here, but in the cases >>> >> where the function is invoked. There is a kmalloc(src_len) without a check >>> >> for negative values. >> > >> >Right, but because testmgr.c calls setkey before this I skipped the check. > But in the rsa.c enc/dec/verify/sign functions, there should be such check, I > would guess. There is see line 419: return pkey->n ? mpi_get_size(pkey->n) : -EINVAL; -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html