crypto: Fix possible stack out of bound error Adding fix to check the upper limit on the length of the destination array while copying elements from source address to avoid stack out of bound error. Change-Id: Ieb24e8f9b4a2b53fbc9442b25d790b12f737d471 Signed-off-by: Tanwee Kausar <tkausar@codeaurora.org>

commit: 7ee539a94e44e10568826f6db22f21897b2d898a [log] [tgz]
author: Tanwee Kausar <tkausar@codeaurora.org> Mon Aug 10 16:10:50 2020 -0700
committer: Luca Weiss <luca.weiss@fairphone.com> Thu Jul 15 13:18:12 2021 +0200
tree: 54c09169fd819f1d1ad8ce3646e8f1e25a69aa37
parent: 3fed6e393d5c040e75f818687fb8b2850dc40da4 [diff]
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index e80523b..cf539f1 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c

@@ -850,6 +850,11 @@
 	switch (creq->alg) {
 	case CIPHER_ALG_DES:
 		if (creq->mode !=  QCE_MODE_ECB) {
+			if (ivsize > MAX_IV_LENGTH) {
+				pr_err("%s: error: Invalid length parameter\n",
+					 __func__);
+				return -EINVAL;
+			}
 			_byte_stream_to_net_words(enciv32, creq->iv, ivsize);
 			pce = cmdlistinfo->encr_cntr_iv;
 			pce->data = enciv32[0];
commit	7ee539a94e44e10568826f6db22f21897b2d898a	[log] [tgz]
author	Tanwee Kausar <tkausar@codeaurora.org>	Mon Aug 10 16:10:50 2020 -0700
committer	Luca Weiss <luca.weiss@fairphone.com>	Thu Jul 15 13:18:12 2021 +0200
tree	54c09169fd819f1d1ad8ce3646e8f1e25a69aa37
parent	3fed6e393d5c040e75f818687fb8b2850dc40da4 [diff]