Re: [PATCH] crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
From: Herbert Xu
Date: Wed Feb 10 2021 - 02:23:59 EST
On Wed, Feb 03, 2021 at 11:28:37AM +0000, Daniele Alessandrelli wrote:
> From: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx>
>
> The length ('len' parameter) passed to crypto_ecdh_decode_key() is never
> checked against the length encoded in the passed buffer ('buf'
> parameter). This could lead to an out-of-bounds access when the passed
> length is less than the encoded length.
>
> Add a check to prevent that.
>
> Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@xxxxxxxxx>
> ---
> crypto/ecdh_helper.c | 3 +++
> 1 file changed, 3 insertions(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt