diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-04-23 09:45:51 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-04-23 09:45:51 +0200 |
commit | ff797edab9f1a76aafb8c17bde3c607862921b87 (patch) | |
tree | f23dcb528e7ce734ff00fdd8106cb8a626f6be06 | |
parent | a07464c795e2d3c5e66cbce610f3ae4215ada0fc (diff) | |
download | gnutls-ff797edab9f1a76aafb8c17bde3c607862921b87.tar.gz |
afalg: assert IV size returned from the kernel is in the range
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | lib/accelerated/afalg.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/accelerated/afalg.c b/lib/accelerated/afalg.c index fe72f8f344..138ce9e717 100644 --- a/lib/accelerated/afalg.c +++ b/lib/accelerated/afalg.c @@ -62,8 +62,12 @@ afalg_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc) return GNUTLS_E_MEMORY_ERROR; } - ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx) + - kcapi_cipher_ivsize(handle)); + if (unlikely(kcapi_cipher_ivsize(handle) > MAX_CIPHER_IV_SIZE)) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + + ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx)); if (ctx == NULL) { gnutls_assert(); kcapi_cipher_destroy(handle); |