[Openais] [PATCH 20/20] crypto: handle overflow in HASH_PROCESS macro

Jan Friesse Wed, 01 Jun 2011 09:37:29 -0700

md->state_var.curlen theoretically could be sizeof(buf) so overflow
could happen.


Need REALLY proper review.
Signed-off-by: Jan Friesse <jfrie...@redhat.com>
---
 exec/crypto.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/exec/crypto.c b/exec/crypto.c
index 901797a..5e0e8a6 100644
--- a/exec/crypto.c
+++ b/exec/crypto.c
@@ -287,6 +287,9 @@ int func_name (hash_state * md, const unsigned char *buf, 
unsigned long len)
            len             -= block_size;                                      
             \
         } else {                                                               
             \
            n = MIN(len, (block_size - md-> state_var .curlen));                
             \
+           if (md-> state_var .curlen == sizeof(md-> state_var .buf)) {        
             \
+              return CRYPT_INVALID_ARG;                                        
             \
+           }                                                                   
             \
            memcpy(md-> state_var .buf + md-> state_var.curlen, buf, 
(size_t)n);             \
            md-> state_var .curlen += n;                                        
             \
            buf             += n;                                               
             \
-- 
1.7.1

_______________________________________________
Openais mailing list
Openais@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/openais

[Openais] [PATCH 20/20] crypto: handle overflow in HASH_PROCESS macro

Reply via email to