crypto: bcm - Fix pointer arithmetic
In spu2_dump_omd() value of ptr is increased by ciph_key_len
instead of hash_iv_len which could lead to going beyond the
buffer boundaries.
Fix this bug by changing ciph_key_len to hash_iv_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 9d12ba86f8
("crypto: brcm - Add Broadcom SPU driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
616ce45c15
commit
2b3460cbf4
@ -495,7 +495,7 @@ static void spu2_dump_omd(u8 *omd, u16 hash_key_len, u16 ciph_key_len,
|
||||
if (hash_iv_len) {
|
||||
packet_log(" Hash IV Length %u bytes\n", hash_iv_len);
|
||||
packet_dump(" hash IV: ", ptr, hash_iv_len);
|
||||
ptr += ciph_key_len;
|
||||
ptr += hash_iv_len;
|
||||
}
|
||||
|
||||
if (ciph_iv_len) {
|
||||
|
Loading…
Reference in New Issue
Block a user