diff options
author | Aleksandr Mishin <amishin@t-argos.ru> | 2024-03-22 23:59:15 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-06-12 12:03:04 +0300 |
commit | 49833a8da6407e7e9b532cc4054fdbcaf78f5fdd (patch) | |
tree | 5e2ea5eec98930a6937914a9023e5bddde2740ce /drivers/crypto/bcm | |
parent | 24119acfc7631689a864f85c6ff532973ab9324a (diff) | |
download | linux-49833a8da6407e7e9b532cc4054fdbcaf78f5fdd.tar.xz |
crypto: bcm - Fix pointer arithmetic
[ Upstream commit 2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 ]
In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.
Fix this bug by changing ciph_key_len to hash_iv_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/crypto/bcm')
-rw-r--r-- | drivers/crypto/bcm/spu2.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/bcm/spu2.c b/drivers/crypto/bcm/spu2.c index 07989bb8c220..3fdc64b5a65e 100644 --- a/drivers/crypto/bcm/spu2.c +++ b/drivers/crypto/bcm/spu2.c @@ -495,7 +495,7 @@ static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len, if (hash_iv_len) { packet_log(" Hash IV Length %u bytes\n", hash_iv_len); packet_dump(" hash IV: ", ptr, hash_iv_len); - ptr += ciph_key_len; + ptr += hash_iv_len; } if (ciph_iv_len) { |