diff options
| author | Nicolai Stange <nicstange@gmail.com> | 2016-05-26 17:19:53 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2016-05-31 04:42:00 -0400 |
| commit | 7af791e0f0d00c14f01ba2ffe3b6e2b50a35fc6f (patch) | |
| tree | 4ac6e6a42d23bbabe2d59dbd6cfd4678b226e12a /lib | |
| parent | c5ce7c697c983693c441573d2948e0ab8d62726e (diff) | |
lib/mpi: mpi_read_from_buffer(): return -EINVAL upon too short buffer
Currently, if the input buffer is shorter than the expected length as
indicated by its first two bytes, an MPI instance of this expected length
will be allocated and filled with as much data as is available. The rest
will remain uninitialized.
Instead of leaving this condition undetected, an error code should be
reported to the caller.
Since this situation indicates that the input buffer's first two bytes,
encoding the number of expected bits, are garbled, -EINVAL is appropriate
here.
If the input buffer is shorter than indicated by its first two bytes,
make mpi_read_from_buffer() return -EINVAL.
Get rid of the 'nread' variable: with the new semantics, the total number
of bytes read from the input buffer is known in advance.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/mpi/mpicoder.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index 350abaf4bee7..9c6f6b986682 100644 --- a/lib/mpi/mpicoder.c +++ b/lib/mpi/mpicoder.c | |||
| @@ -81,7 +81,7 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) | |||
| 81 | { | 81 | { |
| 82 | const uint8_t *buffer = xbuffer; | 82 | const uint8_t *buffer = xbuffer; |
| 83 | int i, j; | 83 | int i, j; |
| 84 | unsigned nbits, nbytes, nlimbs, nread = 0; | 84 | unsigned nbits, nbytes, nlimbs; |
| 85 | mpi_limb_t a; | 85 | mpi_limb_t a; |
| 86 | MPI val = NULL; | 86 | MPI val = NULL; |
| 87 | 87 | ||
| @@ -94,9 +94,14 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) | |||
| 94 | return ERR_PTR(-EINVAL); | 94 | return ERR_PTR(-EINVAL); |
| 95 | } | 95 | } |
| 96 | buffer += 2; | 96 | buffer += 2; |
| 97 | nread = 2; | ||
| 98 | 97 | ||
| 99 | nbytes = DIV_ROUND_UP(nbits, 8); | 98 | nbytes = DIV_ROUND_UP(nbits, 8); |
| 99 | if (nbytes + 2 > *ret_nread) { | ||
| 100 | printk("MPI: mpi larger than buffer nread=%d ret_nread=%d\n", | ||
| 101 | *ret_nread + 1, *ret_nread); | ||
| 102 | return ERR_PTR(-EINVAL); | ||
| 103 | } | ||
| 104 | |||
| 100 | nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); | 105 | nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); |
| 101 | val = mpi_alloc(nlimbs); | 106 | val = mpi_alloc(nlimbs); |
| 102 | if (!val) | 107 | if (!val) |
| @@ -109,12 +114,6 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) | |||
| 109 | for (; j > 0; j--) { | 114 | for (; j > 0; j--) { |
| 110 | a = 0; | 115 | a = 0; |
| 111 | for (; i < BYTES_PER_MPI_LIMB; i++) { | 116 | for (; i < BYTES_PER_MPI_LIMB; i++) { |
| 112 | if (++nread > *ret_nread) { | ||
| 113 | printk | ||
| 114 | ("MPI: mpi larger than buffer nread=%d ret_nread=%d\n", | ||
| 115 | nread, *ret_nread); | ||
| 116 | goto leave; | ||
| 117 | } | ||
| 118 | a <<= 8; | 117 | a <<= 8; |
| 119 | a |= *buffer++; | 118 | a |= *buffer++; |
| 120 | } | 119 | } |
| @@ -122,8 +121,7 @@ MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) | |||
| 122 | val->d[j - 1] = a; | 121 | val->d[j - 1] = a; |
| 123 | } | 122 | } |
| 124 | 123 | ||
| 125 | leave: | 124 | *ret_nread = nbytes + 2; |
| 126 | *ret_nread = nread; | ||
| 127 | return val; | 125 | return val; |
| 128 | } | 126 | } |
| 129 | EXPORT_SYMBOL_GPL(mpi_read_from_buffer); | 127 | EXPORT_SYMBOL_GPL(mpi_read_from_buffer); |