Am Mittwoch, 9. September 2015, 10:02:17 schrieb Tadeusz Struk: Hi Tadeusz, >On 09/09/2015 09:56 AM, Stephan Mueller wrote: >>>> But in the rsa.c enc/dec/verify/sign functions, there should be such >>>> check, >>>> >>>> >> I would guess. >>> > >>> >There is see line 419: >>> >return pkey->n ? mpi_get_size(pkey->n) : -EINVAL; >> >> I feel we are not talking about the same issue. I refer to your patch in >> rsa.c: >> >> + int src_len = sg_len(req->src), dst_len = sg_len(req->dst); >> >> ===> can be negative according to your statement >> >> ... >> >> + void *ptr = kmalloc(dst_len, GFP_KERNEL); >> >> ===> with a negative number, I guess we have a problem here. > >Yes, sorry, you are right. sg_len() will only return positive numbers or >zero. rsa.c checks it in all four operations: >if (unlikely(!pkey->n || !pkey->d || !src_len)) Great, I am not disputing the check for 0, I just want an unsigned int, because sg->length is unsigned int too. :-) Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html