PWN-Hunter/android_kernel_xiaomi_sdm845
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[CRYPTO] aes: Fixed array boundary violation

Browse Source 
The AES setkey routine writes 64 bytes to the E_KEY area even though
there are only 60 bytes there.  It is in fact safe since E_KEY is
immediately follwed by D_KEY which is initialised afterwards.  However,
doing this may trigger undefined behaviour and makes Coverity unhappy.

So by combining E_KEY and D_KEY into one array we sidestep this issue
altogether.

This problem was reported by Adrian Bunk.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
David McCullough 2006-03-15 21:08:51 +11:00 committed by Herbert Xu
parent 06b42aa94b
commit 55e9dce37d
2 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
arch/x86_64/crypto/aes.c
View File

@ -77,12 +77,11 @@ static inline u8 byte(const u32 x, const unsigned n)
struct aes_ctx struct aes_ctx
{ {
u32 key_length; u32 key_length;
u32 E[60]; u32 buf[120];
u32 D[60];
}; };
#define E_KEY ctx->E #define E_KEY (&ctx->buf[0])
#define D_KEY ctx->D #define D_KEY (&ctx->buf[60])
static u8 pow_tab[256] __initdata; static u8 pow_tab[256] __initdata;
static u8 log_tab[256] __initdata; static u8 log_tab[256] __initdata;

7
crypto/aes.c
View File

@ -75,12 +75,11 @@ byte(const u32 x, const unsigned n)
struct aes_ctx { struct aes_ctx {
int key_length; int key_length;
u32 E[60]; u32 buf[120];
u32 D[60];
}; };
#define E_KEY ctx->E #define E_KEY (&ctx->buf[0])
#define D_KEY ctx->D #define D_KEY (&ctx->buf[60])
static u8 pow_tab[256] __initdata; static u8 pow_tab[256] __initdata;
static u8 log_tab[256] __initdata; static u8 log_tab[256] __initdata;