mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 13:02:44 +01:00
crypto: fix copy size causing overruns/crashing
num_ad is already accounted for in `sizeof(iov)` as iov has size `sizeof(struct iovec) * (num_ad+1)`.
parent
3e634bfbcc
commit
f74e6ff2f2
@ -311,7 +311,7 @@ bool aes_siv_encrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
|
||||
struct iovec iov[num_ad + 1];
|
||||
uint8_t v[16];
|
||||
|
||||
memcpy(iov, ad, sizeof(iov) * num_ad);
|
||||
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
|
||||
iov[num_ad].iov_base = (void *)in;
|
||||
iov[num_ad].iov_len = in_len;
|
||||
num_ad++;
|
||||
@ -368,7 +368,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
|
||||
if (in_len < 16)
|
||||
return false;
|
||||
|
||||
memcpy(iov, ad, sizeof(iov) * num_ad);
|
||||
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
|
||||
iov[num_ad].iov_base = (void *)out;
|
||||
iov[num_ad].iov_len = in_len - 16;
|
||||
num_ad++;
|
||||
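Review bot: `struct iovec iov[num_ad + 1];` in the aes_siv_encrypt hunk is still a variable-length stack array sized by `num_ad`, and nothing visible in either hunk bounds `num_ad` before the array is declared and filled by `memcpy`. Unless every caller passes a small fixed count, a cap checked at the top of both functions would keep the stack use bounded, for example `if (num_ad > AD_MAX) return false;`, where `AD_MAX` is a placeholder for the limit the callers actually need. The matching declaration in aes_siv_decrypt is outside its hunk, so the same concern is only inferred there. Writing the copy length as `sizeof(iov[0]) * num_ad` would also tie the element size to the array itself, which guards against the kind of size mix-up this commit corrects. Both function bodies start and end outside the hunks shown.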
|