crypto: msm: Check for invalid byte offset field
There is potential for HEAP corruption when the
byte offset field is set to a huge value.
Change-Id: Idd851cf3ec57627aba7d8250914cd18ccdd697ec
Signed-off-by: Mona Hossain <mhossain@codeaurora.org>
diff --git a/drivers/crypto/msm/qce.h b/drivers/crypto/msm/qce.h
index 51a74b6..cf75e93 100644
--- a/drivers/crypto/msm/qce.h
+++ b/drivers/crypto/msm/qce.h
@@ -32,6 +32,8 @@
#define SHA256_DIGESTSIZE 32
#define SHA1_DIGESTSIZE 20
+#define AES_CE_BLOCK_SIZE 16
+
/* key size in bytes */
#define HMAC_KEY_SIZE (SHA1_DIGESTSIZE) /* hmac-sha1 */
#define SHA_HMAC_KEY_SIZE 64
diff --git a/drivers/crypto/msm/qcedev.c b/drivers/crypto/msm/qcedev.c
index a09bb42..9870648 100644
--- a/drivers/crypto/msm/qcedev.c
+++ b/drivers/crypto/msm/qcedev.c
@@ -1650,6 +1650,10 @@
__func__);
goto error;
}
+ if (req->byteoffset >= AES_CE_BLOCK_SIZE) {
+ pr_err("%s: Invalid byte offset\n", __func__);
+ goto error;
+ }
}
/* Ensure zer ivlen for ECB mode */
if (req->ivlen > 0) {