summaryrefslogtreecommitdiff
path: root/drivers/s390/crypto/zcrypt_msgtype6.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/s390/crypto/zcrypt_msgtype6.c')
-rw-r--r--drivers/s390/crypto/zcrypt_msgtype6.c41
1 files changed, 27 insertions, 14 deletions
diff --git a/drivers/s390/crypto/zcrypt_msgtype6.c b/drivers/s390/crypto/zcrypt_msgtype6.c
index 6c874808c356..914151c03753 100644
--- a/drivers/s390/crypto/zcrypt_msgtype6.c
+++ b/drivers/s390/crypto/zcrypt_msgtype6.c
@@ -938,28 +938,37 @@ static void zcrypt_msgtype6_receive(struct ap_queue *aq,
t86r->cprbx.cprb_ver_id == 0x02) {
switch (resp_type->type) {
case CEXXC_RESPONSE_TYPE_ICA:
- len = sizeof(struct type86x_reply) + t86r->length - 2;
- if (len > reply->bufsize || len > msg->bufsize) {
+ len = sizeof(struct type86x_reply) + t86r->length;
+ if (len > reply->bufsize || len > msg->bufsize ||
+ len != reply->len) {
+ ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__);
msg->rc = -EMSGSIZE;
- } else {
- memcpy(msg->msg, reply->msg, len);
- msg->len = len;
+ goto out;
}
+ memcpy(msg->msg, reply->msg, len);
+ msg->len = len;
break;
case CEXXC_RESPONSE_TYPE_XCRB:
- len = t86r->fmt2.offset2 + t86r->fmt2.count2;
- if (len > reply->bufsize || len > msg->bufsize) {
+ if (t86r->fmt2.count2)
+ len = t86r->fmt2.offset2 + t86r->fmt2.count2;
+ else
+ len = t86r->fmt2.offset1 + t86r->fmt2.count1;
+ if (len > reply->bufsize || len > msg->bufsize ||
+ len != reply->len) {
+ ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__);
msg->rc = -EMSGSIZE;
- } else {
- memcpy(msg->msg, reply->msg, len);
- msg->len = len;
+ goto out;
}
+ memcpy(msg->msg, reply->msg, len);
+ msg->len = len;
break;
default:
memcpy(msg->msg, &error_reply, sizeof(error_reply));
+ msg->len = sizeof(error_reply);
}
} else {
memcpy(msg->msg, reply->msg, sizeof(error_reply));
+ msg->len = sizeof(error_reply);
}
out:
complete(&resp_type->work);
@@ -994,18 +1003,22 @@ static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
switch (resp_type->type) {
case CEXXC_RESPONSE_TYPE_EP11:
len = t86r->fmt2.offset1 + t86r->fmt2.count1;
- if (len > reply->bufsize || len > msg->bufsize) {
+ if (len > reply->bufsize || len > msg->bufsize ||
+ len != reply->len) {
+ ZCRYPT_DBF_DBG("%s len mismatch => EMSGSIZE\n", __func__);
msg->rc = -EMSGSIZE;
- } else {
- memcpy(msg->msg, reply->msg, len);
- msg->len = len;
+ goto out;
}
+ memcpy(msg->msg, reply->msg, len);
+ msg->len = len;
break;
default:
memcpy(msg->msg, &error_reply, sizeof(error_reply));
+ msg->len = sizeof(error_reply);
}
} else {
memcpy(msg->msg, reply->msg, sizeof(error_reply));
+ msg->len = sizeof(error_reply);
}
out:
complete(&resp_type->work);
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-07 00:36:53 +0300