| From 297c6997dd92be7c7ab46f0d74acf4fa21b18dd4 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Fri, 22 Mar 2024 23:59:15 +0300 |
| Subject: crypto: bcm - Fix pointer arithmetic |
| |
| From: Aleksandr Mishin <amishin@t-argos.ru> |
| |
| [ Upstream commit 2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 ] |
| |
| In spu2_dump_omd() value of ptr is increased by ciph_key_len |
| instead of hash_iv_len which could lead to going beyond the |
| buffer boundaries. |
| Fix this bug by changing ciph_key_len to hash_iv_len. |
| |
| Found by Linux Verification Center (linuxtesting.org) with SVACE. |
| |
| Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") |
| Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/crypto/bcm/spu2.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/crypto/bcm/spu2.c b/drivers/crypto/bcm/spu2.c |
| index 07989bb8c220a..3fdc64b5a65e7 100644 |
| --- a/drivers/crypto/bcm/spu2.c |
| +++ b/drivers/crypto/bcm/spu2.c |
| @@ -495,7 +495,7 @@ static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len, |
| if (hash_iv_len) { |
| packet_log(" Hash IV Length %u bytes\n", hash_iv_len); |
| packet_dump(" hash IV: ", ptr, hash_iv_len); |
| - ptr += ciph_key_len; |
| + ptr += hash_iv_len; |
| } |
| |
| if (ciph_iv_len) { |
| -- |
| 2.43.0 |
| |
