From c1898bb599fc78c86bad1374ab90b527d10fd7e0 Mon Sep 17 00:00:00 2001 From: Tanwee Kausar Date: Mon, 10 Aug 2020 16:10:50 -0700 Subject: [PATCH] crypto: Fix possible stack out of bound error Adding fix to check the upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471 Signed-off-by: Tanwee Kausar --- drivers/crypto/msm/qce50.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c index 3d9b11ca2cf0..e73d5534d214 100644 --- a/drivers/crypto/msm/qce50.c +++ b/drivers/crypto/msm/qce50.c @@ -848,6 +848,11 @@ static int _ce_setup_cipher(struct qce_device *pce_dev, struct qce_req *creq, switch (creq->alg) { case CIPHER_ALG_DES: if (creq->mode != QCE_MODE_ECB) { + if (ivsize > MAX_IV_LENGTH) { + pr_err("%s: error: Invalid length parameter\n", + __func__); + return -EINVAL; + } _byte_stream_to_net_words(enciv32, creq->iv, ivsize); pce = cmdlistinfo->encr_cntr_iv; pce->data = enciv32[0];