diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/digsig.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/digsig.c b/lib/digsig.c index fd2402f67f89..5d840ac64fb1 100644 --- a/lib/digsig.c +++ b/lib/digsig.c | |||
| @@ -105,6 +105,10 @@ static int digsig_verify_rsa(struct key *key, | |||
| 105 | 105 | ||
| 106 | down_read(&key->sem); | 106 | down_read(&key->sem); |
| 107 | ukp = key->payload.data; | 107 | ukp = key->payload.data; |
| 108 | |||
| 109 | if (ukp->datalen < sizeof(*pkh)) | ||
| 110 | goto err1; | ||
| 111 | |||
| 108 | pkh = (struct pubkey_hdr *)ukp->data; | 112 | pkh = (struct pubkey_hdr *)ukp->data; |
| 109 | 113 | ||
| 110 | if (pkh->version != 1) | 114 | if (pkh->version != 1) |
| @@ -117,7 +121,7 @@ static int digsig_verify_rsa(struct key *key, | |||
| 117 | goto err1; | 121 | goto err1; |
| 118 | 122 | ||
| 119 | datap = pkh->mpi; | 123 | datap = pkh->mpi; |
| 120 | endp = datap + ukp->datalen; | 124 | endp = ukp->data + ukp->datalen; |
| 121 | 125 | ||
| 122 | for (i = 0; i < pkh->nmpi; i++) { | 126 | for (i = 0; i < pkh->nmpi; i++) { |
| 123 | unsigned int remaining = endp - datap; | 127 | unsigned int remaining = endp - datap; |
| @@ -128,7 +132,8 @@ static int digsig_verify_rsa(struct key *key, | |||
| 128 | mblen = mpi_get_nbits(pkey[0]); | 132 | mblen = mpi_get_nbits(pkey[0]); |
| 129 | mlen = (mblen + 7)/8; | 133 | mlen = (mblen + 7)/8; |
| 130 | 134 | ||
| 131 | err = -ENOMEM; | 135 | if (mlen == 0) |
| 136 | goto err; | ||
| 132 | 137 | ||
| 133 | out1 = kzalloc(mlen, GFP_KERNEL); | 138 | out1 = kzalloc(mlen, GFP_KERNEL); |
| 134 | if (!out1) | 139 | if (!out1) |