[CRYPTO] aes: Fixed array boundary violation The AES setkey routine writes 64 bytes to the E_KEY area even though there are only 60 bytes there. It is in fact safe since E_KEY is immediately follwed by D_KEY which is initialised afterwards. However, doing this may trigger undefined behaviour and makes Coverity unhappy. So by combining E_KEY and D_KEY into one array we sidestep this issue altogether. This problem was reported by Adrian Bunk. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

commit: 55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6 [log] [tgz]
author: David McCullough <david_mccullough@au.securecomputing.com> Wed Mar 15 21:08:51 2006 +1100
committer: Herbert Xu <herbert@gondor.apana.org.au> Tue Mar 21 20:14:10 2006 +1100
tree: e850e9052d4db68905cb6c444e269ed7c719301e
parent: 06b42aa94b65806b4f8c5fc893ef97a2f491fb32 [diff] [blame]
diff --git a/crypto/aes.c b/crypto/aes.c
index 0a6a5c1..a501729 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c

@@ -75,12 +75,11 @@
 
 struct aes_ctx {
 	int key_length;
-	u32 E[60];
-	u32 D[60];
+	u32 buf[120];
 };
 
-#define E_KEY ctx->E
-#define D_KEY ctx->D
+#define E_KEY (&ctx->buf[0])
+#define D_KEY (&ctx->buf[60])
 
 static u8 pow_tab[256] __initdata;
 static u8 log_tab[256] __initdata;
commit	55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6	[log] [tgz]
author	David McCullough <david_mccullough@au.securecomputing.com>	Wed Mar 15 21:08:51 2006 +1100
committer	Herbert Xu <herbert@gondor.apana.org.au>	Tue Mar 21 20:14:10 2006 +1100
tree	e850e9052d4db68905cb6c444e269ed7c719301e
parent	06b42aa94b65806b4f8c5fc893ef97a2f491fb32 [diff] [blame]