lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <SJ2PR11MB8472AE5C88DC7F651DAF944CC9DBA@SJ2PR11MB8472.namprd11.prod.outlook.com>
Date: Mon, 1 Dec 2025 17:28:33 +0000
From: "Sridhar, Kanchana P" <kanchana.p.sridhar@...el.com>
To: Thorsten Blum <thorsten.blum@...ux.dev>, "Accardi, Kristen C"
	<kristen.c.accardi@...el.com>, "Gomes, Vinicius" <vinicius.gomes@...el.com>,
	Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller"
	<davem@...emloft.net>, Tom Zanussi <tom.zanussi@...ux.intel.com>
CC: "stable@...r.kernel.org" <stable@...r.kernel.org>,
	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Sridhar,
 Kanchana P" <kanchana.p.sridhar@...el.com>
Subject: RE: [PATCH] crypto: iaa - Fix out-of-bounds index in
 find_empty_iaa_compression_mode


> -----Original Message-----
> From: Thorsten Blum <thorsten.blum@...ux.dev>
> Sent: Thursday, November 27, 2025 6:02 AM
> To: Accardi, Kristen C <kristen.c.accardi@...el.com>; Gomes, Vinicius
> <vinicius.gomes@...el.com>; Sridhar, Kanchana P
> <kanchana.p.sridhar@...el.com>; Herbert Xu
> <herbert@...dor.apana.org.au>; David S. Miller <davem@...emloft.net>;
> Tom Zanussi <tom.zanussi@...ux.intel.com>
> Cc: Thorsten Blum <thorsten.blum@...ux.dev>; stable@...r.kernel.org;
> linux-crypto@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: [PATCH] crypto: iaa - Fix out-of-bounds index in
> find_empty_iaa_compression_mode
> 
> The local variable 'i' is initialized with -EINVAL, but the for loop
> immediately overwrites it and -EINVAL is never returned.
> 
> If no empty compression mode can be found, the function would return the
> out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid
> array access in add_iaa_compression_mode().
> 
> Fix both issues by returning either a valid index or -EINVAL.
> 
> Cc: stable@...r.kernel.org
> Fixes: b190447e0fa3 ("crypto: iaa - Add compression mode management
> along with fixed mode")
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>

Acked-by: Kanchana P Sridhar <kanchana.p.sridhar@...el.com>


> ---
>  drivers/crypto/intel/iaa/iaa_crypto_main.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/crypto/intel/iaa/iaa_crypto_main.c
> b/drivers/crypto/intel/iaa/iaa_crypto_main.c
> index 23f585219fb4..8ee2a55ec449 100644
> --- a/drivers/crypto/intel/iaa/iaa_crypto_main.c
> +++ b/drivers/crypto/intel/iaa/iaa_crypto_main.c
> @@ -221,15 +221,13 @@ static struct iaa_compression_mode
> *iaa_compression_modes[IAA_COMP_MODES_MAX];
> 
>  static int find_empty_iaa_compression_mode(void)
>  {
> -	int i = -EINVAL;
> +	int i;
> 
> -	for (i = 0; i < IAA_COMP_MODES_MAX; i++) {
> -		if (iaa_compression_modes[i])
> -			continue;
> -		break;
> -	}
> +	for (i = 0; i < IAA_COMP_MODES_MAX; i++)
> +		if (!iaa_compression_modes[i])
> +			return i;
> 
> -	return i;
> +	return -EINVAL;
>  }
> 
>  static struct iaa_compression_mode *find_iaa_compression_mode(const
> char *name, int *idx)
> --
> Thorsten Blum <thorsten.blum@...ux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ