DivestOS/Patches/Linux_CVEs/CVE-2017-0747/ANY/0001.patch

48 lines
1.6 KiB
Diff
Raw Normal View History

2017-11-07 17:32:46 -05:00
From c0021edb9ee6b2a37322cd6cf6ebdf160d09b8d7 Mon Sep 17 00:00:00 2001
From: Brahmaji K <bkomma@codeaurora.org>
Date: Mon, 15 May 2017 16:02:15 +0530
Subject: qcdev: Check the digest length during the SHA operations
Check the digest length to avoid buffer overflow while
doing the SHA operations.
Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
---
drivers/crypto/msm/qcedev.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/crypto/msm/qcedev.c b/drivers/crypto/msm/qcedev.c
2017-11-07 17:32:46 -05:00
index d04ca6f..beeb99e 100644
--- a/drivers/crypto/msm/qcedev.c
+++ b/drivers/crypto/msm/qcedev.c
2017-11-07 17:32:46 -05:00
@@ -1741,6 +1741,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
mutex_unlock(&hash_access_lock);
return err;
2017-11-07 17:32:46 -05:00
}
+ if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
+ pr_err("Invalid sha_ctxt.diglen %d\n",
+ handle->sha_ctxt.diglen);
2017-11-07 17:32:46 -05:00
+ mutex_unlock(&hash_access_lock);
+ return -EINVAL;
+ }
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
memcpy(&qcedev_areq.sha_op_req.digest[0],
&handle->sha_ctxt.digest[0],
2017-11-07 17:32:46 -05:00
@@ -1777,6 +1783,12 @@ long qcedev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
mutex_unlock(&hash_access_lock);
return err;
2017-11-07 17:32:46 -05:00
}
+ if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
+ pr_err("Invalid sha_ctxt.diglen %d\n",
+ handle->sha_ctxt.diglen);
2017-11-07 17:32:46 -05:00
+ mutex_unlock(&hash_access_lock);
+ return -EINVAL;
+ }
qcedev_areq.sha_op_req.diglen = handle->sha_ctxt.diglen;
memcpy(&qcedev_areq.sha_op_req.digest[0],
&handle->sha_ctxt.digest[0],
2017-11-07 17:32:46 -05:00
--
cgit v1.1