diff options
Diffstat (limited to 'crypto/authenc.c')
| -rw-r--r-- | crypto/authenc.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/authenc.c b/crypto/authenc.c index 37f54d1b2f66..4be293a4b5f0 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c | |||
| @@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key, | |||
| 58 | return -EINVAL; | 58 | return -EINVAL; |
| 59 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | 59 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
| 60 | return -EINVAL; | 60 | return -EINVAL; |
| 61 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | 61 | |
| 62 | /* | ||
| 63 | * RTA_OK() didn't align the rtattr's payload when validating that it | ||
| 64 | * fits in the buffer. Yet, the keys should start on the next 4-byte | ||
| 65 | * aligned boundary. To avoid confusion, require that the rtattr | ||
| 66 | * payload be exactly the param struct, which has a 4-byte aligned size. | ||
| 67 | */ | ||
| 68 | if (RTA_PAYLOAD(rta) != sizeof(*param)) | ||
| 62 | return -EINVAL; | 69 | return -EINVAL; |
| 70 | BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO); | ||
| 63 | 71 | ||
| 64 | param = RTA_DATA(rta); | 72 | param = RTA_DATA(rta); |
| 65 | keys->enckeylen = be32_to_cpu(param->enckeylen); | 73 | keys->enckeylen = be32_to_cpu(param->enckeylen); |
| 66 | 74 | ||
| 67 | key += RTA_ALIGN(rta->rta_len); | 75 | key += rta->rta_len; |
| 68 | keylen -= RTA_ALIGN(rta->rta_len); | 76 | keylen -= rta->rta_len; |
| 69 | 77 | ||
| 70 | if (keylen < keys->enckeylen) | 78 | if (keylen < keys->enckeylen) |
| 71 | return -EINVAL; | 79 | return -EINVAL; |