mirror of
https://github.com/torvalds/linux.git
synced 2024-11-23 20:51:44 +00:00
encrypted-keys: check hex2bin result
For each hex2bin call in encrypted keys, check that the ascii hex string is valid. On failure, return -EINVAL. Changelog v1: - hex2bin now returns an int Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
This commit is contained in:
parent
2684bf7f29
commit
2b3ff6319e
@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
|
||||
return -EINVAL;
|
||||
|
||||
hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
|
||||
hex2bin(epayload->iv, hex_encoded_iv, ivsize);
|
||||
hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);
|
||||
ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);
|
||||
if (ret < 0)
|
||||
return -EINVAL;
|
||||
ret = hex2bin(epayload->encrypted_data, hex_encoded_data,
|
||||
encrypted_datalen);
|
||||
if (ret < 0)
|
||||
return -EINVAL;
|
||||
|
||||
hmac = epayload->format + epayload->datablob_len;
|
||||
hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);
|
||||
ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
|
||||
HASH_SIZE);
|
||||
if (ret < 0)
|
||||
return -EINVAL;
|
||||
|
||||
mkey = request_master_key(epayload, &master_key, &master_keylen);
|
||||
if (IS_ERR(mkey))
|
||||
|
Loading…
Reference in New Issue
Block a user