From patchwork Fri Jan 29 13:10:09 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jerome Marchand X-Patchwork-Id: 8163121 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 13E499F440 for ; Fri, 29 Jan 2016 13:11:06 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 5120C20382 for ; Fri, 29 Jan 2016 13:11:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7D59220340 for ; Fri, 29 Jan 2016 13:11:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755972AbcA2NKU (ORCPT ); Fri, 29 Jan 2016 08:10:20 -0500 Received: from mx1.redhat.com ([209.132.183.28]:51749 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753071AbcA2NKN (ORCPT ); Fri, 29 Jan 2016 08:10:13 -0500 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (Postfix) with ESMTPS id 0251349DCC; Fri, 29 Jan 2016 13:10:12 +0000 (UTC) Received: from dhcp-1-138.brq.redhat.com (dhcp-1-138.brq.redhat.com [10.34.1.138]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id u0TDAA0w014447; Fri, 29 Jan 2016 08:10:10 -0500 Received: by dhcp-1-138.brq.redhat.com (sSMTP sendmail emulation); Fri, 29 Jan 2016 14:10:09 +0100 From: "Jerome Marchand" To: Herbert Xu , "David S. Miller" Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] fix out of bound read in __test_aead() Date: Fri, 29 Jan 2016 14:10:09 +0100 Message-Id: <1454073009-13665-1-git-send-email-jmarchan@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP __test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ae8c57fd..d3587d5 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -617,7 +617,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc, j++; if (template[i].iv) - memcpy(iv, template[i].iv, MAX_IVLEN); + memcpy(iv, template[i].iv, iv_len); else memset(iv, 0, MAX_IVLEN);