* [PATCH] crypto: octeontx: Fix length check to avoid truncation in ucode_load_store
@ 2025-11-26 9:46 Thorsten Blum
2025-12-19 6:59 ` Herbert Xu
0 siblings, 1 reply; 2+ messages in thread
From: Thorsten Blum @ 2025-11-26 9:46 UTC (permalink / raw)
To: Srujana Challa, Bharat Bhushan, Herbert Xu, David S. Miller,
Dr. David Alan Gilbert, Giovanni Cabiddu, Krzysztof Kozlowski,
Lukasz Bartosik
Cc: Thorsten Blum, stable, linux-crypto, linux-kernel
OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
user writes a string of exactly 64 characters, the original code used
'strlen(buf) > 64' to check the length, but then strscpy() copies only
63 characters before adding a NUL terminator, silently truncating the
copied string.
Fix this off-by-one error by using 'count' directly for the length check
to ensure long names are rejected early and copied without truncation.
Cc: stable@vger.kernel.org
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
index 9f5601c0280b..417a48f41350 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
@@ -1326,7 +1326,7 @@ static ssize_t ucode_load_store(struct device *dev,
int del_grp_idx = -1;
int ucode_idx = 0;
- if (strlen(buf) > OTX_CPT_UCODE_NAME_LENGTH)
+ if (count >= OTX_CPT_UCODE_NAME_LENGTH)
return -EINVAL;
eng_grps = container_of(attr, struct otx_cpt_eng_grps, ucode_load_attr);
--
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: octeontx: Fix length check to avoid truncation in ucode_load_store
2025-11-26 9:46 [PATCH] crypto: octeontx: Fix length check to avoid truncation in ucode_load_store Thorsten Blum
@ 2025-12-19 6:59 ` Herbert Xu
0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2025-12-19 6:59 UTC (permalink / raw)
To: Thorsten Blum
Cc: Srujana Challa, Bharat Bhushan, David S. Miller,
Dr. David Alan Gilbert, Giovanni Cabiddu, Krzysztof Kozlowski,
Lukasz Bartosik, stable, linux-crypto, linux-kernel
On Wed, Nov 26, 2025 at 10:46:13AM +0100, Thorsten Blum wrote:
> OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
> user writes a string of exactly 64 characters, the original code used
> 'strlen(buf) > 64' to check the length, but then strscpy() copies only
> 63 characters before adding a NUL terminator, silently truncating the
> copied string.
>
> Fix this off-by-one error by using 'count' directly for the length check
> to ensure long names are rejected early and copied without truncation.
>
> Cc: stable@vger.kernel.org
> Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-12-19 6:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-26 9:46 [PATCH] crypto: octeontx: Fix length check to avoid truncation in ucode_load_store Thorsten Blum
2025-12-19 6:59 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox