[PATCH] crypto: talitos - fix bug in sg_copy_end_to

Linux cryptographic layer development
 help / color / mirror / Atom feed

* [PATCH] crypto: talitos - fix bug in sg_copy_end_to_buffer
@ 2010-07-11 20:24 Lee Nipper
  2010-07-13  0:22 ` Kim Phillips
  0 siblings, 1 reply; 2+ messages in thread
From: Lee Nipper @ 2010-07-11 20:24 UTC (permalink / raw)
  To: linux-crypto; +Cc: Lee Nipper

In function sg_copy_end_to_buffer, too much data
is copied when a segment in the scatterlist
has .length greater than the requested copy length.

This patch adds the limit checks to fix this bug of over copying,
which affected only the ahash algorithms.

Signed-off-by: Lee Nipper <lee.nipper@gmail.com>
---
Kim, this corrects the problem causing exceptions
for tcrypt tests 402, 403, and 404.
With this patch the tcrypt tests run through ok.

 drivers/crypto/talitos.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 0f2483e..e058987 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1183,10 +1183,14 @@ static size_t sg_copy_end_to_buffer(struct scatterlist *sgl, unsigned int nents,
 				/* Copy part of this segment */
 				ignore = skip - offset;
 				len = miter.length - ignore;
+				if ((boffset + len) > buflen)
+					len = buflen - boffset;
 				memcpy(buf + boffset, miter.addr + ignore, len);
 			} else {
-				/* Copy all of this segment */
+				/* Copy all of this segment (up to buflen) */
 				len = miter.length;
+				if ((boffset + len) > buflen)
+					len = buflen - boffset;
 				memcpy(buf + boffset, miter.addr, len);
 			}
 			boffset += len;
-- 
1.6.0.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] crypto: talitos - fix bug in sg_copy_end_to_buffer
  2010-07-11 20:24 [PATCH] crypto: talitos - fix bug in sg_copy_end_to_buffer Lee Nipper
@ 2010-07-13  0:22 ` Kim Phillips
  0 siblings, 0 replies; 2+ messages in thread
From: Kim Phillips @ 2010-07-13  0:22 UTC (permalink / raw)
  To: Lee Nipper; +Cc: linux-crypto

On Sun, 11 Jul 2010 15:24:06 -0500
Lee Nipper <lee.nipper@gmail.com> wrote:

> In function sg_copy_end_to_buffer, too much data
> is copied when a segment in the scatterlist
> has .length greater than the requested copy length.
> 
> This patch adds the limit checks to fix this bug of over copying,
> which affected only the ahash algorithms.
> 
> Signed-off-by: Lee Nipper <lee.nipper@gmail.com>
> ---
> Kim, this corrects the problem causing exceptions
> for tcrypt tests 402, 403, and 404.
> With this patch the tcrypt tests run through ok.

Ack, but..

> +				if ((boffset + len) > buflen)

inner parens aren't necessary.

Kim

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-07-13  0:37 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-11 20:24 [PATCH] crypto: talitos - fix bug in sg_copy_end_to_buffer Lee Nipper
2010-07-13  0:22 ` Kim Phillips

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox