| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aUT31MqDVBQXYr18@gondor.apana.org.au>
Date: Fri, 19 Dec 2025 14:59:32 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Srujana Challa <schalla@...vell.com>,
Bharat Bhushan <bbhushan2@...vell.com>,
"David S. Miller" <davem@...emloft.net>,
"Dr. David Alan Gilbert" <linux@...blig.org>,
Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
Krzysztof Kozlowski <krzk@...nel.org>,
Lukasz Bartosik <lbartosik@...vell.com>, stable@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] crypto: octeontx: Fix length check to avoid truncation
in ucode_load_store
On Wed, Nov 26, 2025 at 10:46:13AM +0100, Thorsten Blum wrote:
> OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
> user writes a string of exactly 64 characters, the original code used
> 'strlen(buf) > 64' to check the length, but then strscpy() copies only
> 63 characters before adding a NUL terminator, silently truncating the
> copied string.
>
> Fix this off-by-one error by using 'count' directly for the length check
> to ensure long names are rejected early and copied without truncation.
>
> Cc: stable@...r.kernel.org
> Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> ---
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists