Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

crypto: fix copy size causing overruns/crashing 

num_ad is already accounted for in `sizeof(iov)`
as iov has size `sizeof(struct iovec) * (num_ad+1)`.
This commit is contained in:
Will Dietz 2019-10-03 12:18:51 -05:00 committed by Denis Kenzior
parent 3e634bfbcc
commit f74e6ff2f2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/crypto.c
View File

@ -311,7 +311,7 @@ bool aes_siv_encrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
struct iovec iov[num_ad + 1];
uint8_t v[16];
memcpy(iov, ad, sizeof(iov) * num_ad);
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
iov[num_ad].iov_base = (void *)in;
iov[num_ad].iov_len = in_len;
num_ad++;
@ -368,7 +368,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
if (in_len < 16)
return false;
memcpy(iov, ad, sizeof(iov) * num_ad);
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
iov[num_ad].iov_base = (void *)out;
iov[num_ad].iov_len = in_len - 16;
num_ad++;