On Tue, Jul 28, 2020 at 04:51:59PM +0100, Elena Petrova wrote:
> +static int rng_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
> +{
> + int err;
> + struct alg_sock *ask = alg_sk(sock->sk);
> + struct rng_ctx *ctx = ask->private;
> +
> + lock_sock(sock->sk);
> + if (len > MAXSIZE)
> + len = MAXSIZE;
> +
> + rng_reset_addtl(ctx);
> + ctx->addtl = kmalloc(len, GFP_KERNEL);
> + if (!ctx->addtl) {
> + err = -ENOMEM;
> + goto unlock;
This error code isn't actually returned.
> + }
> +
> + err = memcpy_from_msg(ctx->addtl, msg, len);
> + if (err) {
> + rng_reset_addtl(ctx);
> + goto unlock;
Likewise.
> +#ifdef CONFIG_CRYPTO_USER_API_CAVP_DRBG
> +static int rng_setentropy(void *private, const u8 *entropy, unsigned int len)
> +{
> + struct rng_parent_ctx *pctx = private;
> + u8 *kentropy = NULL;
> +
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
This should be EACCES, not EPERM. EACCES means the operation will succeed if
you acquire the needed privileges. EPERM means it will never succeed.
> + if (len > MAXSIZE)
> + len = MAXSIZE;
Truncating the length is error prone. Shouldn't this instead return an error
(EMSGSIZE?) if the length is too long, and 0 on success? Remember this is
setsockopt(), not write().
- Eric
