From: Weili Qian <qianweili@huawei.com> Pointer check is added to prevent memcpy errors. In addition, the comment of the wd_dtb structure is added. Signed-off-by: Weili Qian <qianweili@huawei.com> Signed-off-by: Qi Tao <taoqi10@huawei.com> --- include/wd.h | 4 ++++ wd_dh.c | 6 ++---- wd_ecc.c | 1 - wd_rsa.c | 12 +++++++----- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/include/wd.h b/include/wd.h index 944c3e85..b62d355b 100644 --- a/include/wd.h +++ b/include/wd.h @@ -115,6 +115,10 @@ enum wd_alg_type { WD_AEAD, }; +/* + * If the actual size of data is inconsistent + * with dsize, undefined behavior occurs. + */ struct wd_dtb { /* data/buffer start address */ char *data; diff --git a/wd_dh.c b/wd_dh.c index 043c3be9..3e02f2a1 100644 --- a/wd_dh.c +++ b/wd_dh.c @@ -555,10 +555,8 @@ int wd_dh_set_g(handle_t sess, struct wd_dtb *g) return -WD_EINVAL; } - if (g->dsize && - g->bsize <= sess_t->g.bsize && - g->dsize <= sess_t->g.bsize) { - memset(sess_t->g.data, 0, g->bsize); + if (g->dsize && g->data && g->dsize <= sess_t->g.bsize) { + memset(sess_t->g.data, 0, sess_t->g.bsize); memcpy(sess_t->g.data, g->data, g->dsize); sess_t->g.dsize = g->dsize; if (*g->data != WD_DH_G2 && sess_t->setup.is_g2) diff --git a/wd_ecc.c b/wd_ecc.c index cf5c4720..36e5206f 100644 --- a/wd_ecc.c +++ b/wd_ecc.c @@ -1710,7 +1710,6 @@ static int generate_random(struct wd_ecc_sess *sess, struct wd_dtb *k) static int sm2_compute_za_hash(__u8 *za, __u32 *len, struct wd_dtb *id, struct wd_ecc_sess *sess) - { __u32 key_size = BITS_TO_BYTES(sess->setup.key_bits); struct wd_hash_mt *hash = &sess->setup.hash; diff --git a/wd_rsa.c b/wd_rsa.c index f0dfb567..caac7e60 100644 --- a/wd_rsa.c +++ b/wd_rsa.c @@ -623,15 +623,17 @@ struct wd_rsa_kg_in *wd_rsa_new_kg_in(handle_t sess, struct wd_dtb *e, return NULL; } - if (!e->dsize || e->dsize > c->key_size) { + if (!e->dsize || e->dsize > c->key_size || !e->data) { WD_ERR("invalid: e para err at create kg in!\n"); return NULL; } - if (!p->dsize || p->dsize > CRT_PARAM_SZ(c->key_size)) { + + if (!p->dsize || p->dsize > CRT_PARAM_SZ(c->key_size) || !p->data) { WD_ERR("invalid: p para err at create kg in!\n"); return NULL; } - if (!q->dsize || q->dsize > CRT_PARAM_SZ(c->key_size)) { + + if (!q->dsize || q->dsize > CRT_PARAM_SZ(c->key_size) || !q->data) { WD_ERR("invalid: q para err at create kg in!\n"); return NULL; } @@ -1105,7 +1107,7 @@ void wd_rsa_get_prikey_params(struct wd_rsa_prikey *pvk, struct wd_dtb **d, static int rsa_set_param(struct wd_dtb *src, struct wd_dtb *dst) { - if (!src || !dst || dst->dsize > src->bsize) + if (dst->dsize > src->bsize) return -WD_EINVAL; src->dsize = dst->dsize; @@ -1121,7 +1123,7 @@ static int rsa_prikey2_param_set(struct wd_rsa_prikey2 *pkey2, { int ret = -WD_EINVAL; - if (param->dsize > pkey2->key_size || !param->data) + if (!param->dsize || !param->data) return -WD_EINVAL; switch (type) { -- 2.33.0