tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: octeontx - Fix length check to avoid truncation in ucode_load_store

OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
user writes a string of exactly 64 characters, the original code used
'strlen(buf) > 64' to check the length, but then strscpy() copies only
63 characters before adding a NUL terminator, silently truncating the
copied string.

Fix this off-by-one error by using 'count' directly for the length check
to ensure long names are rejected early and copied without truncation.

Cc: stable@vger.kernel.org
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Thorsten Blum and committed by
Herbert Xu 5565a72b 352140d3

+1 -1
+1 -1
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
··· 1326 1326 int del_grp_idx = -1; 1327 1327 int ucode_idx = 0; 1328 1328 1329 - if (strlen(buf) > OTX_CPT_UCODE_NAME_LENGTH) 1329 + if (count >= OTX_CPT_UCODE_NAME_LENGTH) 1330 1330 return -EINVAL; 1331 1331 1332 1332 eng_grps = container_of(attr, struct otx_cpt_eng_grps, ucode_load_attr);