dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity

encrypted-keys: check hex2bin result 

For each hex2bin call in encrypted keys, check that the ascii hex string
is valid.  On failure, return -EINVAL.

Changelog v1:
- hex2bin now returns an int

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
This commit is contained in:
Mimi Zohar 2011-09-20 11:23:55 -04:00
parent 2684bf7f29
commit 2b3ff6319e
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
security/keys/encrypted-keys/encrypted.c
View File

@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
return -EINVAL;
hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
hex2bin(epayload->iv, hex_encoded_iv, ivsize);
hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);
ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);
if (ret < 0)
return -EINVAL;
ret = hex2bin(epayload->encrypted_data, hex_encoded_data,
encrypted_datalen);
if (ret < 0)
return -EINVAL;
hmac = epayload->format + epayload->datablob_len;
hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);
ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
HASH_SIZE);
if (ret < 0)
return -EINVAL;
mkey = request_master_key(epayload, &master_key, &master_keylen);
if (IS_ERR(mkey))