From: Chenghai Huang huangchenghai2@huawei.com
The length of the input IV and key pointer cannot exceed the maximum length. Otherwise, memory overwriting occurs during the copy.
Signed-off-by: Chenghai Huang huangchenghai2@huawei.com --- src/uadk_prov_cipher.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index f6d1581..de3a62a 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -264,6 +264,11 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv, int cipher_counts = ARRAY_SIZE(cipher_info_table); int i;
+ if (ivlen > IV_LEN || keylen > MAX_KEY_LEN) { + fprintf(stderr, "invalid keylen or ivlen.\n"); + return UADK_E_FAIL; + } + if (iv) memcpy(priv->iv, iv, ivlen);