diff options
| author | Philippe Schenker <philippe.schenker@toradex.com> | 2022-05-19 14:57:48 +0200 |
|---|---|---|
| committer | Philippe Schenker <philippe.schenker@toradex.com> | 2022-05-19 14:57:48 +0200 |
| commit | 0e61b511dd8474280ba674590daa55f30433b7d4 (patch) | |
| tree | 48c35f63dc1101d0d528b5d79c81849b99ca7c6d /security/keys | |
| parent | c4bda7fe18b3ff6898f8fa110a3d60ee8f4379a0 (diff) | |
| parent | 01565c91b789a1612051e735a65f11096a6f08e8 (diff) | |
Merge tag 'v5.4.193' into update-to-2.3.7__5.4-2.3.x-imx
This is the 5.4.193 stable release
Conflicts:
arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts
drivers/edac/synopsys_edac.c
drivers/mmc/host/sdhci-esdhc-imx.c
drivers/mmc/host/sdhci.c
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
sound/soc/codecs/msm8916-wcd-analog.c
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/keyctl_pkey.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 931d8dfb4a7f..63e5c646f762 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -135,15 +135,23 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par switch (op) { case KEYCTL_PKEY_ENCRYPT: + if (uparams.in_len > info.max_dec_size || + uparams.out_len > info.max_enc_size) + return -EINVAL; + break; case KEYCTL_PKEY_DECRYPT: if (uparams.in_len > info.max_enc_size || uparams.out_len > info.max_dec_size) return -EINVAL; break; case KEYCTL_PKEY_SIGN: + if (uparams.in_len > info.max_data_size || + uparams.out_len > info.max_sig_size) + return -EINVAL; + break; case KEYCTL_PKEY_VERIFY: - if (uparams.in_len > info.max_sig_size || - uparams.out_len > info.max_data_size) + if (uparams.in_len > info.max_data_size || + uparams.in2_len > info.max_sig_size) return -EINVAL; break; default: @@ -151,7 +159,7 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par } params->in_len = uparams.in_len; - params->out_len = uparams.out_len; + params->out_len = uparams.out_len; /* Note: same as in2_len */ return 0; } |