| Message ID | 1389354321-32096-1-git-send-email-ch.naveen@samsung.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi Naveen, On 10.01.2014 12:45, Naveen Krishna Chatradhi wrote: > This patch adds code to validate "iv" buffer before trying to > memcpy the contents > > Signed-off-by: Naveen Krishna Chatradhi <ch.naveen@samsung.com> > --- > Changes since v2: > None > > drivers/crypto/s5p-sss.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c > index f274f5f..7058bb6 100644 > --- a/drivers/crypto/s5p-sss.c > +++ b/drivers/crypto/s5p-sss.c > @@ -381,8 +381,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, > struct samsung_aes_variant *var = dev->variant; > void __iomem *keystart; > > - memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA > - (var->aes_offset, 0), iv, 0x10); > + if (iv) > + memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA > + (var->aes_offset, 0), iv, 0x10); In what conditions can the iv end up being NULL? Best regards, Tomasz -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hello Tomasz, On 10 January 2014 21:33, Tomasz Figa <t.figa@samsung.com> wrote: > Hi Naveen, > > > On 10.01.2014 12:45, Naveen Krishna Chatradhi wrote: >> >> This patch adds code to validate "iv" buffer before trying to >> memcpy the contents >> >> Signed-off-by: Naveen Krishna Chatradhi <ch.naveen@samsung.com> >> --- >> Changes since v2: >> None >> >> drivers/crypto/s5p-sss.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c >> index f274f5f..7058bb6 100644 >> --- a/drivers/crypto/s5p-sss.c >> +++ b/drivers/crypto/s5p-sss.c >> @@ -381,8 +381,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, >> struct samsung_aes_variant *var = dev->variant; >> void __iomem *keystart; >> >> - memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA >> - (var->aes_offset, 0), iv, 0x10); >> + if (iv) >> + memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA >> + (var->aes_offset, 0), iv, 0x10); > > > In what conditions can the iv end up being NULL? req->info is the initialization vector in our case, which comes from user space. Its good to have a check to avoid any crashes. Also AES ECB mode does not use IV. > > Best regards, > Tomasz
diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index f274f5f..7058bb6 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -381,8 +381,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, struct samsung_aes_variant *var = dev->variant; void __iomem *keystart; - memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA - (var->aes_offset, 0), iv, 0x10); + if (iv) + memcpy(dev->ioaddr + SSS_REG_AES_IV_DATA + (var->aes_offset, 0), iv, 0x10); if (keylen == AES_KEYSIZE_256) keystart = dev->ioaddr +
This patch adds code to validate "iv" buffer before trying to memcpy the contents Signed-off-by: Naveen Krishna Chatradhi <ch.naveen@samsung.com> --- Changes since v2: None drivers/crypto/s5p-sss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)