From ff797edab9f1a76aafb8c17bde3c607862921b87 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Fri, 23 Apr 2021 09:45:51 +0200
Subject: afalg: assert IV size returned from the kernel is in the range

Signed-off-by: Daiki Ueno
---
 lib/accelerated/afalg.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/accelerated/afalg.c b/lib/accelerated/afalg.c
index fe72f8f344..138ce9e717 100644
--- a/lib/accelerated/afalg.c
+++ b/lib/accelerated/afalg.c
@@ -62,8 +62,12 @@ afalg_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 return GNUTLS_E_MEMORY_ERROR;
 }

- ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx) +
- kcapi_cipher_ivsize(handle));
+ if (unlikely(kcapi_cipher_ivsize(handle) > MAX_CIPHER_IV_SIZE)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ctx = (struct kcapi_ctx *)gnutls_calloc(1, sizeof(struct kcapi_ctx));
 if (ctx == NULL) {
 gnutls_assert();
 kcapi_cipher_destroy(handle);
--
cgit v1.2.1
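Review bot: The added IV-size branch returns `GNUTLS_E_INTERNAL_ERROR` without releasing `handle`, whereas the allocation-failure path directly below calls `kcapi_cipher_destroy(handle)` before it returns; add `kcapi_cipher_destroy(handle);` after `gnutls_assert();` in the new branch so a rejected cipher does not leak the kernel crypto handle. Dropping the `kcapi_cipher_ivsize(handle)` tail from the allocation is only safe if `struct kcapi_ctx` itself carries an IV buffer of at least `MAX_CIPHER_IV_SIZE` bytes; the struct definition is not in this hunk, so that should be confirmed. A short comment above the check would record the invariant, e.g. `/* the IV buffer in struct kcapi_ctx is fixed-size; reject a kernel-reported IV size that would not fit */`. The body of afalg_cipher_init starts and ends outside the hunk.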