5 files changed, 47 insertions, 15 deletions
diff --git a/drivers/target/target_core_fabric_lib.c b/drivers/target/target_core_fabric_lib.c
index c4ea3a9a555b..39f021b855ef 100644
--- a/drivers/target/target_core_fabric_lib.c
+++ b/drivers/target/target_core_fabric_lib.c
@@ -63,6 +63,7 @@ u32 sas_get_pr_transport_id(
        unsigned char *buf)
 {
        unsigned char *ptr;
+        int ret;
        /*
         * Set PROTOCOL IDENTIFIER to 6h for SAS
@@ -74,7 +75,9 @@ u32 sas_get_pr_transport_id(
         */
        ptr = &se_nacl->initiatorname[4]; /* Skip over 'naa. prefix */
-        hex2bin(&buf[4], ptr, 8);
+        ret = hex2bin(&buf[4], ptr, 8);
+        if (ret < 0)
+                pr_debug("sas transport_id: invalid hex string\n");
        /*
         * The SAS Transport ID is a hardcoded 24-byte length
@@ -156,8 +159,9 @@ u32 fc_get_pr_transport_id(
        unsigned char *buf)
 {
        unsigned char *ptr;
-        int i;
+        int i, ret;
        u32 off = 8;
        /*
         * PROTOCOL IDENTIFIER is 0h for FCP-2
         *
@@ -174,7 +178,9 @@ u32 fc_get_pr_transport_id(
                        i++;
                        continue;
                }
-                hex2bin(&buf[off++], &ptr[i], 1);
+                ret = hex2bin(&buf[off++], &ptr[i], 1);
+                if (ret < 0)
+                        pr_debug("fc transport_id: invalid hex string\n");
                i += 2;
        }
        /*
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 46ac9a50528d..8eefcf7e95eb 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char *pack_hex_byte(char *buf, u8 byte)
 }
 extern int hex_to_bin(char ch);
-extern void hex2bin(u8 *dst, const char *src, size_t count);
+extern int __must_check hex2bin(u8 *dst, const char *src, size_t count);
 /*
 * General tracing related utility functions - trace_printk(),
diff --git a/lib/hexdump.c b/lib/hexdump.c
index f5fe6ba7a3ab..51d5ae210244 100644
--- a/lib/hexdump.c
+++ b/lib/hexdump.c
@@ -38,14 +38,21 @@ EXPORT_SYMBOL(hex_to_bin);
 * @dst: binary result
 * @src: ascii hexadecimal string
 * @count: result length
+ *
+ * Return 0 on success, -1 in case of bad input.
 */
-void hex2bin(u8 *dst, const char *src, size_t count)
+int hex2bin(u8 *dst, const char *src, size_t count)
 {
        while (count--) {
-                *dst = hex_to_bin(*src++) << 4;
+                int hi = hex_to_bin(*src++);
-                *dst += hex_to_bin(*src++);
+                int lo = hex_to_bin(*src++);
-                dst++;
+                if ((hi < 0) || (lo < 0))
+                        return -1;
+                *dst++ = (hi << 4) | lo;
        }
+        return 0;
 }
 EXPORT_SYMBOL(hex2bin);
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 3f577954b85a..f33804c1b4c8 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
                return -EINVAL;
        hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
-        hex2bin(epayload->iv, hex_encoded_iv, ivsize);
+        ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);
-        hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);
+        if (ret < 0)
+                return -EINVAL;
+        ret = hex2bin(epayload->encrypted_data, hex_encoded_data,
+                      encrypted_datalen);
+        if (ret < 0)
+                return -EINVAL;
        hmac = epayload->format + epayload->datablob_len;
-        hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);
+        ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
+                      HASH_SIZE);
+        if (ret < 0)
+                return -EINVAL;
        mkey = request_master_key(epayload, &master_key, &master_keylen);
        if (IS_ERR(mkey))
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0c33e2ea1f3c..0964fc236946 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -779,7 +779,10 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
                        opt->pcrinfo_len = strlen(args[0].from) / 2;
                        if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
                                return -EINVAL;
-                        hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
+                        res = hex2bin(opt->pcrinfo, args[0].from,
+                                      opt->pcrinfo_len);
+                        if (res < 0)
+                                return -EINVAL;
                        break;
                case Opt_keyhandle:
                        res = strict_strtoul(args[0].from, 16, &handle);
@@ -791,12 +794,18 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
                case Opt_keyauth:
                        if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
                                return -EINVAL;
-                        hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE);
+                        res = hex2bin(opt->keyauth, args[0].from,
+                                      SHA1_DIGEST_SIZE);
+                        if (res < 0)
+                                return -EINVAL;
                        break;
                case Opt_blobauth:
                        if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
                                return -EINVAL;
-                        hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE);
+                        res = hex2bin(opt->blobauth, args[0].from,
+                                      SHA1_DIGEST_SIZE);
+                        if (res < 0)
+                                return -EINVAL;
                        break;
                case Opt_migratable:
                        if (*args[0].from == '0')
@@ -860,7 +869,9 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
                p->blob_len = strlen(c) / 2;
                if (p->blob_len > MAX_BLOB_SIZE)
                        return -EINVAL;
-                hex2bin(p->blob, c, p->blob_len);
+                ret = hex2bin(p->blob, c, p->blob_len);
+                if (ret < 0)
+                        return -EINVAL;
                ret = getoptions(datablob, p, o);
                if (ret < 0)
                        return ret;

diff --git a/drivers/target/target_core_fabric_lib.c b/drivers/target/target_core_fabric_lib.c index c4ea3a9a555b..39f021b855ef 100644 --- a/drivers/target/target_core_fabric_lib.c +++ b/drivers/target/target_core_fabric_lib.c
@@ -63,6 +63,7 @@ u32 sas_get_pr_transport_id(
63	unsigned char *buf)	63	unsigned char *buf)
64	{	64	{
65	unsigned char *ptr;	65	unsigned char *ptr;
		66	int ret;
66		67
67	/*	68	/*
68	* Set PROTOCOL IDENTIFIER to 6h for SAS	69	* Set PROTOCOL IDENTIFIER to 6h for SAS
@@ -74,7 +75,9 @@ u32 sas_get_pr_transport_id(
74	*/	75	*/
75	ptr = &se_nacl->initiatorname[4]; /* Skip over 'naa. prefix */	76	ptr = &se_nacl->initiatorname[4]; /* Skip over 'naa. prefix */
76		77
77	hex2bin(&buf[4], ptr, 8);	78	ret = hex2bin(&buf[4], ptr, 8);
		79	if (ret < 0)
		80	pr_debug("sas transport_id: invalid hex string\n");
78		81
79	/*	82	/*
80	* The SAS Transport ID is a hardcoded 24-byte length	83	* The SAS Transport ID is a hardcoded 24-byte length
@@ -156,8 +159,9 @@ u32 fc_get_pr_transport_id(
156	unsigned char *buf)	159	unsigned char *buf)
157	{	160	{
158	unsigned char *ptr;	161	unsigned char *ptr;
159	int i;	162	int i, ret;
160	u32 off = 8;	163	u32 off = 8;
		164
161	/*	165	/*
162	* PROTOCOL IDENTIFIER is 0h for FCP-2	166	* PROTOCOL IDENTIFIER is 0h for FCP-2
163	*	167	*
@@ -174,7 +178,9 @@ u32 fc_get_pr_transport_id(
174	i++;	178	i++;
175	continue;	179	continue;
176	}	180	}
177	hex2bin(&buf[off++], &ptr[i], 1);	181	ret = hex2bin(&buf[off++], &ptr[i], 1);
		182	if (ret < 0)
		183	pr_debug("fc transport_id: invalid hex string\n");
178	i += 2;	184	i += 2;
179	}	185	}
180	/*	186	/*


diff --git a/include/linux/kernel.h b/include/linux/kernel.h index 46ac9a50528d..8eefcf7e95eb 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char pack_hex_byte(char buf, u8 byte)
382	}	382	}
383		383
384	extern int hex_to_bin(char ch);	384	extern int hex_to_bin(char ch);
385	extern void hex2bin(u8 dst, const char src, size_t count);	385	extern int __must_check hex2bin(u8 dst, const char src, size_t count);
386		386
387	/*	387	/*
388	* General tracing related utility functions - trace_printk(),	388	* General tracing related utility functions - trace_printk(),


diff --git a/lib/hexdump.c b/lib/hexdump.c index f5fe6ba7a3ab..51d5ae210244 100644 --- a/lib/hexdump.c +++ b/lib/hexdump.c
@@ -38,14 +38,21 @@ EXPORT_SYMBOL(hex_to_bin);
38	* @dst: binary result	38	* @dst: binary result
39	* @src: ascii hexadecimal string	39	* @src: ascii hexadecimal string
40	* @count: result length	40	* @count: result length
		41	*
		42	* Return 0 on success, -1 in case of bad input.
41	*/	43	*/
42	void hex2bin(u8 dst, const char src, size_t count)	44	int hex2bin(u8 dst, const char src, size_t count)
43	{	45	{
44	while (count--) {	46	while (count--) {
45	dst = hex_to_bin(src++) << 4;	47	int hi = hex_to_bin(*src++);
46	dst += hex_to_bin(src++);	48	int lo = hex_to_bin(*src++);
47	dst++;	49
		50	if ((hi < 0) \|\| (lo < 0))
		51	return -1;
		52
		53	*dst++ = (hi << 4) \| lo;
48	}	54	}
		55	return 0;
49	}	56	}
50	EXPORT_SYMBOL(hex2bin);	57	EXPORT_SYMBOL(hex2bin);
51		58


diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 3f577954b85a..f33804c1b4c8 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c
@@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
667	return -EINVAL;	667	return -EINVAL;
668		668
669	hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;	669	hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
670	hex2bin(epayload->iv, hex_encoded_iv, ivsize);	670	ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);
671	hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);	671	if (ret < 0)
		672	return -EINVAL;
		673	ret = hex2bin(epayload->encrypted_data, hex_encoded_data,
		674	encrypted_datalen);
		675	if (ret < 0)
		676	return -EINVAL;
672		677
673	hmac = epayload->format + epayload->datablob_len;	678	hmac = epayload->format + epayload->datablob_len;
674	hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);	679	ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
		680	HASH_SIZE);
		681	if (ret < 0)
		682	return -EINVAL;
675		683
676	mkey = request_master_key(epayload, &master_key, &master_keylen);	684	mkey = request_master_key(epayload, &master_key, &master_keylen);
677	if (IS_ERR(mkey))	685	if (IS_ERR(mkey))


diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 0c33e2ea1f3c..0964fc236946 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c
@@ -779,7 +779,10 @@ static int getoptions(char c, struct trusted_key_payload pay,
779	opt->pcrinfo_len = strlen(args[0].from) / 2;	779	opt->pcrinfo_len = strlen(args[0].from) / 2;
780	if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)	780	if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
781	return -EINVAL;	781	return -EINVAL;
782	hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);	782	res = hex2bin(opt->pcrinfo, args[0].from,
		783	opt->pcrinfo_len);
		784	if (res < 0)
		785	return -EINVAL;
783	break;	786	break;
784	case Opt_keyhandle:	787	case Opt_keyhandle:
785	res = strict_strtoul(args[0].from, 16, &handle);	788	res = strict_strtoul(args[0].from, 16, &handle);
@@ -791,12 +794,18 @@ static int getoptions(char c, struct trusted_key_payload pay,
791	case Opt_keyauth:	794	case Opt_keyauth:
792	if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)	795	if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
793	return -EINVAL;	796	return -EINVAL;
794	hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE);	797	res = hex2bin(opt->keyauth, args[0].from,
		798	SHA1_DIGEST_SIZE);
		799	if (res < 0)
		800	return -EINVAL;
795	break;	801	break;
796	case Opt_blobauth:	802	case Opt_blobauth:
797	if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)	803	if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
798	return -EINVAL;	804	return -EINVAL;
799	hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE);	805	res = hex2bin(opt->blobauth, args[0].from,
		806	SHA1_DIGEST_SIZE);
		807	if (res < 0)
		808	return -EINVAL;
800	break;	809	break;
801	case Opt_migratable:	810	case Opt_migratable:
802	if (*args[0].from == '0')	811	if (*args[0].from == '0')
@@ -860,7 +869,9 @@ static int datablob_parse(char datablob, struct trusted_key_payload p,
860	p->blob_len = strlen(c) / 2;	869	p->blob_len = strlen(c) / 2;
861	if (p->blob_len > MAX_BLOB_SIZE)	870	if (p->blob_len > MAX_BLOB_SIZE)
862	return -EINVAL;	871	return -EINVAL;
863	hex2bin(p->blob, c, p->blob_len);	872	ret = hex2bin(p->blob, c, p->blob_len);
		873	if (ret < 0)
		874	return -EINVAL;
864	ret = getoptions(datablob, p, o);	875	ret = getoptions(datablob, p, o);
865	if (ret < 0)	876	if (ret < 0)
866	return ret;	877	return ret;