| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Jan 2016 14:10:09 +0100 From: "Jerome Marchand" <jmarchan@...hat.com> To: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH] fix out of bound read in __test_aead() __test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand <jmarchan@...hat.com> --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ae8c57fd..d3587d5 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -617,7 +617,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc, j++; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, iv_len); else memset(iv, 0, MAX_IVLEN); -- 2.5.0
Powered by blists - more mailing lists