afalg: assert IV size returned from the kernel is in the range

Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2021-04-23 09:45:51 +0200
committer: Daiki Ueno <ueno@gnu.org> 2021-04-23 09:45:51 +0200
commit: ff797edab9f1a76aafb8c17bde3c607862921b87 (patch)
tree: f23dcb528e7ce734ff00fdd8106cb8a626f6be06
parent: a07464c795e2d3c5e66cbce610f3ae4215ada0fc (diff)
download: gnutls-ff797edab9f1a76aafb8c17bde3c607862921b87.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/accelerated/afalg.c b/lib/accelerated/afalg.c
index fe72f8f344..138ce9e717 100644
--- a/lib/accelerated/afalg.c
+++ b/lib/accelerated/afalg.c
@@ -62,8 +62,12 @@ afalg_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
-	ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx) +
-						   kcapi_cipher_ivsize(handle));
+	if (unlikely(kcapi_cipher_ivsize(handle) > MAX_CIPHER_IV_SIZE)) {
+		gnutls_assert();
+		return GNUTLS_E_INTERNAL_ERROR;
+	}
+
+	ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx));
 	if (ctx == NULL) {
 		gnutls_assert();
 		kcapi_cipher_destroy(handle);
author	Daiki Ueno <ueno@gnu.org>	2021-04-23 09:45:51 +0200
committer	Daiki Ueno <ueno@gnu.org>	2021-04-23 09:45:51 +0200
commit	ff797edab9f1a76aafb8c17bde3c607862921b87 (patch)
tree	f23dcb528e7ce734ff00fdd8106cb8a626f6be06
parent	a07464c795e2d3c5e66cbce610f3ae4215ada0fc (diff)
download	gnutls-ff797edab9f1a76aafb8c17bde3c607862921b87.tar.gz