Re: [PATCH] crypto: sun4i-ss: restrict PRNG seed length to prevent heap overflow

Next message: Qiang Yu: "Re: [PATCH v4 1/7] dt-bindings: clock: qcom,sm8550-tcsr: Add QREF/REFGEN supply properties for glymur and mahua"
Previous message: Chukun Pan: "Re: [PATCH v2 2/5] arm64: dts: rockchip: Enable USB 2.0 ports on Radxa E20C"
In reply to: Herbert Xu: "Re: [PATCH] crypto: sun4i-ss: restrict PRNG seed length to prevent heap overflow"
Next in thread: Tianchu Chen: "[PATCH v2] crypto: sun4i-ss - clamp PRNG seed length to prevent heap overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tianchu Chen

Date: Fri May 29 2026 - 03:09:24 EST

May 29, 2026 at 2:11 PM, "Herbert Xu" <herbert@xxxxxxxxxxxxxxxxxxx mailto:herbert@xxxxxxxxxxxxxxxxxxx?to=%22Herbert%20Xu%22%20%3Cherbert%40gondor.apana.org.au%3E > wrote:

>
> On Thu, May 28, 2026 at 02:53:17PM +0000, Tianchu Chen wrote:
>
> >
> > diff --git a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > index 491fcb7b8..010fa891c 100644
> > --- a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > +++ b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > @@ -8,6 +8,8 @@ int sun4i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed,
> > struct rng_alg *alg = crypto_rng_alg(tfm);
> >
> > algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng);
> > + if (slen > sizeof(algt->ss->seed))
> > + return -EINVAL;
> >
> This should simply ignore the extra data instead of failing.

Thanks for pointing out, silent truncation is more appropriate here.

I'll send a v2 patch with min_t soon.

Best regards,
Tianchu Chen