aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorLee Nipper <lee.nipper@gmail.com>2010-07-19 02:11:24 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2010-07-19 02:11:24 -0400
commit7260042b2d0397e7a8735ca47cd7839a5bb1210b (patch)
treeda92181f60f67f1e82378e59edfd13def6a51fe7 /drivers
parent2716fbf63ee39eadc1aa9b3841b20f75b99a9bc3 (diff)
crypto: talitos - fix bug in sg_copy_end_to_buffer
In function sg_copy_end_to_buffer, too much data is copied when a segment in the scatterlist has .length greater than the requested copy length. This patch adds the limit checks to fix this bug of over copying, which affected only the ahash algorithms. Signed-off-by: Lee Nipper <lee.nipper@gmail.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/crypto/talitos.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 637c105f53d2..bd78acf3c365 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1183,10 +1183,14 @@ static size_t sg_copy_end_to_buffer(struct scatterlist *sgl, unsigned int nents,
1183 /* Copy part of this segment */ 1183 /* Copy part of this segment */
1184 ignore = skip - offset; 1184 ignore = skip - offset;
1185 len = miter.length - ignore; 1185 len = miter.length - ignore;
1186 if (boffset + len > buflen)
1187 len = buflen - boffset;
1186 memcpy(buf + boffset, miter.addr + ignore, len); 1188 memcpy(buf + boffset, miter.addr + ignore, len);
1187 } else { 1189 } else {
1188 /* Copy all of this segment */ 1190 /* Copy all of this segment (up to buflen) */
1189 len = miter.length; 1191 len = miter.length;
1192 if (boffset + len > buflen)
1193 len = buflen - boffset;
1190 memcpy(buf + boffset, miter.addr, len); 1194 memcpy(buf + boffset, miter.addr, len);
1191 } 1195 }
1192 boffset += len; 1196 boffset += len;