On Wed, Oct 04, 2023 at 03:19:57PM -0500, [email protected] wrote:
> +int sed_read_key(char *keyname, char *key, u_int *keylen)
> +{
> + struct plpks_var var;
> + struct plpks_sed_object_data data;
> + int ret;
> + u_int len;
> +
> + plpks_init_var(&var, keyname);
> +
> + if (!plpks_sed_available)
> + return -EOPNOTSUPP;
> +
> + var.data = (u8 *)&data;
> + var.datalen = sizeof(data);
> +
> + ret = plpks_read_os_var(&var);
> + if (ret != 0)
> + return ret;
> +
> + len = min_t(u16, be32_to_cpu(data.key_len), var.datalen);
^^^^^^^^^^^
This isn't the correct limit. This is the number of bytes that we
copied into data. Probably it's sizeof(data) and, hopefully, it's
at least the offsetof(struct plpks_sed_object_data, key).
To me the temptation is to initialize data to zero and
s/var.datalen/sizeof(data.key)/.
> + memcpy(key, data.key, len);
^^^^^^^^
> + key[len] = '\0';
> + *keylen = len;
> +
> + return 0;
> +}
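Review bot: At memcpy(key, data.key, len) and key[len] = '\0', nothing bounds len by the size of the caller's key buffer. *keylen is only written, never read, so the function stores up to len + 1 bytes into a destination whose capacity it does not know. Consider treating *keylen as the buffer size on entry (or adding an explicit size parameter) and returning an error when len + 1 would exceed it. Separately, min_t(u16, ...) casts the 32-bit result of be32_to_cpu(data.key_len) to u16 before comparing, so a value above 65535 is truncated rather than clamped; doing the comparison as u32 avoids that.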
regards,
dan carpenter