Commit 2b3ff631 authored by Mimi Zohar's avatar Mimi Zohar

encrypted-keys: check hex2bin result

For each hex2bin call in encrypted keys, check that the ascii hex string
is valid.  On failure, return -EINVAL.

Changelog v1:
- hex2bin now returns an int
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
parent 2684bf7f
...@@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, ...@@ -667,11 +667,19 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
return -EINVAL; return -EINVAL;
hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2; hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
hex2bin(epayload->iv, hex_encoded_iv, ivsize); ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);
hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen); if (ret < 0)
return -EINVAL;
ret = hex2bin(epayload->encrypted_data, hex_encoded_data,
encrypted_datalen);
if (ret < 0)
return -EINVAL;
hmac = epayload->format + epayload->datablob_len; hmac = epayload->format + epayload->datablob_len;
hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE); ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
HASH_SIZE);
if (ret < 0)
return -EINVAL;
mkey = request_master_key(epayload, &master_key, &master_keylen); mkey = request_master_key(epayload, &master_key, &master_keylen);
if (IS_ERR(mkey)) if (IS_ERR(mkey))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment