From: Weili Qian <qianweili@huawei.com> Pointer check is added to prevent memcpy errors. In addition, the comment of the wd_dtb structure is added. Signed-off-by: Weili Qian <qianweili@huawei.com> Signed-off-by: Qi Tao <taoqi10@huawei.com> --- v1/wd.h | 5 ++++- v1/wd_dh.c | 6 ++---- v1/wd_ecc.c | 1 - v1/wd_rsa.c | 12 +++++++----- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/v1/wd.h b/v1/wd.h index 90e2321a..79b8a2ad 100644 --- a/v1/wd.h +++ b/v1/wd.h @@ -110,7 +110,10 @@ struct wd_mm_br { wd_bufsize get_bufsize; /* optional */ }; -/* Warpdrive data buffer */ +/* + * Warpdrive data buffer. If the actual size of data is inconsistent + * with dsize, undefined behavior occurs. + */ struct wd_dtb { char *data; /* data/buffer start address */ __u32 dsize; /* data size */ diff --git a/v1/wd_dh.c b/v1/wd_dh.c index 0329dde6..12f7b19d 100644 --- a/v1/wd_dh.c +++ b/v1/wd_dh.c @@ -243,10 +243,8 @@ int wcrypto_set_dh_g(void *ctx, struct wd_dtb *g) return -WD_EINVAL; } - if (g->dsize - && g->bsize <= cx->g.bsize - && g->dsize <= cx->g.bsize) { - memset(cx->g.data, 0, g->bsize); + if (g->dsize && g->data && g->dsize <= cx->g.bsize) { + memset(cx->g.data, 0, cx->g.bsize); memcpy(cx->g.data, g->data, g->dsize); cx->g.dsize = g->dsize; if (*g->data != WD_DH_G2 && cx->setup.is_g2) diff --git a/v1/wd_ecc.c b/v1/wd_ecc.c index a887e00c..bb65dfbe 100644 --- a/v1/wd_ecc.c +++ b/v1/wd_ecc.c @@ -1713,7 +1713,6 @@ void wcrypto_get_ecdsa_sign_out_params(struct wcrypto_ecc_out *out, get_sign_out_params(out, r, s); } - static bool less_than_latter(struct wd_dtb *d, struct wd_dtb *n) { int ret, shift; diff --git a/v1/wd_rsa.c b/v1/wd_rsa.c index 2c8692b6..1703dd37 100644 --- a/v1/wd_rsa.c +++ b/v1/wd_rsa.c @@ -161,15 +161,17 @@ static int kg_in_param_check(void *ctx, struct wd_dtb *e, return -WD_EINVAL; } - if (unlikely(e->dsize > c->key_size)) { + if (unlikely(!e->dsize || e->dsize > c->key_size || !e->data)) { WD_ERR("e para err at create kg in!\n"); return -WD_EINVAL; } - if (unlikely(p->dsize > CRT_PARAM_SZ(c->key_size))) { + + if (unlikely(!p->dsize || p->dsize > CRT_PARAM_SZ(c->key_size) || !p->data)) { WD_ERR("p para err at create kg in!\n"); return -WD_EINVAL; } - if (unlikely(q->dsize > CRT_PARAM_SZ(c->key_size))) { + + if (unlikely(!q->dsize || q->dsize > CRT_PARAM_SZ(c->key_size) || !q->data)) { WD_ERR("q para err at create kg in!\n"); return -WD_EINVAL; } @@ -762,7 +764,7 @@ void wcrypto_get_rsa_prikey_params(struct wcrypto_rsa_prikey *pvk, struct wd_dtb static int rsa_set_param(struct wd_dtb *src, struct wd_dtb *dst) { - if (!src || !dst || dst->dsize > src->bsize) + if (dst->dsize > src->bsize) return -WD_EINVAL; src->dsize = dst->dsize; @@ -778,7 +780,7 @@ static int rsa_prikey2_param_set(struct wcrypto_rsa_prikey2 *pkey2, { int ret; - if (param->dsize > pkey2->key_size || !param->data) + if (!param->dsize || !param->data) return -WD_EINVAL; switch (type) { -- 2.33.0