leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: talitos - fix bug in sg_copy_end_to_buffer

Browse Source 
In function sg_copy_end_to_buffer, too much data
is copied when a segment in the scatterlist
has .length greater than the requested copy length.

This patch adds the limit checks to fix this bug of over copying,
which affected only the ahash algorithms.

Signed-off-by: Lee Nipper <lee.nipper@gmail.com>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Lee Nipper 2010-07-19 14:11:24 +08:00 committed by Herbert Xu
parent 2716fbf63e
commit 7260042b2d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/crypto/talitos.c
View File

@ -1183,10 +1183,14 @@ static size_t sg_copy_end_to_buffer(struct scatterlist *sgl, unsigned int nents,
/* Copy part of this segment */
ignore = skip - offset;
len = miter.length - ignore;
if (boffset + len > buflen)
len = buflen - boffset;
memcpy(buf + boffset, miter.addr + ignore, len);
} else {
/* Copy all of this segment */
/* Copy all of this segment (up to buflen) */
len = miter.length;
if (boffset + len > buflen)
len = buflen - boffset;
memcpy(buf + boffset, miter.addr, len);
}
boffset += len;