crypto: nx - Fix memcpy() over-reading in nonce

author Kees Cook <keescook@chromium.org>

Wed, 16 Jun 2021 20:34:59 +0000 (13:34 -0700)

committer Herbert Xu <herbert@gondor.apana.org.au>

Thu, 24 Jun 2021 06:51:34 +0000 (14:51 +0800)
author Kees Cook <keescook@chromium.org>
Wed, 16 Jun 2021 20:34:59 +0000 (13:34 -0700)
committer Herbert Xu <herbert@gondor.apana.org.au>
Thu, 24 Jun 2021 06:51:34 +0000 (14:51 +0800)
diff --git a/drivers/crypto/nx/nx-aes-ctr.c b/drivers/crypto/nx/nx-aes-ctr.c

index 13f518802343d40f3345f293dfbd31b79ddd43b6..6120e350ff71d12e28e32f47eae18077d60446d2 100644 (file)
--- a/drivers/crypto/nx/nx-aes-ctr.c
+++ b/drivers/crypto/nx/nx-aes-ctr.c
@@ -118,7 +118,7 @@ static int ctr3686_aes_nx_crypt(struct skcipher_request *req)
         struct nx_crypto_ctx *nx_ctx = crypto_skcipher_ctx(tfm);
         u8 iv[16];
  
-       memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_IV_SIZE);
+       memcpy(iv, nx_ctx->priv.ctr.nonce, CTR_RFC3686_NONCE_SIZE);
         memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
         iv[12] = iv[13] = iv[14] = 0;
         iv[15] = 1;
author	Kees Cook <keescook@chromium.org>
	Wed, 16 Jun 2021 20:34:59 +0000 (13:34 -0700)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Thu, 24 Jun 2021 06:51:34 +0000 (14:51 +0800)