From patchwork Thu May 26 21:19:53 2016
X-Patchwork-Submitter: Nicolai Stange
X-Patchwork-Id: 9137423
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Nicolai Stange
To: Herbert Xu
Cc: David Howells, Tadeusz Struk, Michal Marek, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Nicolai Stange
Subject: [PATCH 3/5] lib/mpi: mpi_read_from_buffer(): return -EINVAL upon too short buffer
Date: Thu, 26 May 2016 23:19:53 +0200
Message-Id: <1464297595-24032-4-git-send-email-nicstange@gmail.com>
In-Reply-To: <1464297595-24032-1-git-send-email-nicstange@gmail.com>
References: <1464297595-24032-1-git-send-email-nicstange@gmail.com>

Currently, if the input buffer is shorter than the expected length as indicated by its first two bytes, an MPI instance of this expected length will be allocated and filled with as much data as is available. The rest will remain uninitialized.

Instead of leaving this condition undetected, an error code should be reported to the caller.

Since this situation indicates that the input buffer's first two bytes, encoding the number of expected bits, are garbled, -EINVAL is appropriate here.

If the input buffer is shorter than indicated by its first two bytes, make mpi_read_from_buffer() return -EINVAL. Get rid of the 'nread' variable: with the new semantics, the total number of bytes read from the input buffer is known in advance.

Signed-off-by: Nicolai Stange
---
 lib/mpi/mpicoder.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 275c71e..869c66c 100644 --- a/lib/mpi/mpicoder.c +++ b/lib/mpi/mpicoder.c @@ -83,7 +83,7 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) { const uint8_t *buffer = xbuffer; int i, j; - unsigned nbits, nbytes, nlimbs, nread = 0; + unsigned nbits, nbytes, nlimbs; mpi_limb_t a; MPI val = NULL;
@@ -96,9 +96,14 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) return ERR_PTR(-EINVAL); } buffer += 2; - nread = 2; nbytes = DIV_ROUND_UP(nbits, 8); + if (nbytes + 2 > *ret_nread) { + printk("MPI: mpi larger than buffer nread=%d ret_nread=%d\n", + *ret_nread + 1, *ret_nread); + return ERR_PTR(-EINVAL); + } + nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); val = mpi_alloc(nlimbs); if (!val) @@ -111,12 +116,6 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) for (; j > 0; j--) { a = 0; for (; i < BYTES_PER_MPI_LIMB; i++) { - if (++nread > *ret_nread) { - printk - ("MPI: mpi larger than buffer nread=%d ret_nread=%d\n", - nread, *ret_nread); - goto leave; - } a <<= 8; a |= *buffer++; } @@ -124,8 +123,7 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) val->d[j - 1] = a; } -leave: - *ret_nread = nread; + *ret_nread = nbytes + 2; return val; } EXPORT_SYMBOL_GPL(mpi_read_from_buffer);
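Review bot: In the @@ -96,9 +96,14 hunk, the new printk passes `*ret_nread + 1` as the nread argument, which is neither a count of bytes read nor the length that was needed; it only reproduces the value the removed in-loop check would have printed at the point of failure. Print the required length `nbytes + 2` next to `*ret_nread` instead, switch the format to %u since both values are unsigned, and give the message an explicit log level rather than a bare printk.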
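Review bot: In the @@ -111,12 +116,6 hunk, the inner loop's `a |= *buffer++` no longer has a bounds check of its own and is safe only if the two loops consume exactly nbytes bytes, which depends on the initial values of i and j set outside the lines shown. A short comment above the loop stating that invariant and pointing back at the `nbytes + 2 > *ret_nread` check would keep a later change to the loop setup from silently reintroducing an over-read.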
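Review bot: In the @@ -124,8 +123,7 hunk, dropping the `leave:` label means `*ret_nread` is now written only on success, while the new -EINVAL return leaves it untouched; before, a short buffer returned a partially filled MPI with `*ret_nread` updated. A comment on mpi_read_from_buffer() should document the new error return and that `*ret_nread` is unmodified on failure, and the commit message should state whether existing callers were checked for reliance on the old partial-read behaviour.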