On Tue, Jul 10, 2018 at 08:59:05PM -0700, Eric Biggers wrote: > From: Eric Biggers <[email protected]> > > It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size', > causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and > an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it. > Also add a BUG_ON() if crypto_dh_encode_key() doesn't exactly fill the > buffer, as that would have found this bug without resorting to KASAN. > > Reported-by: [email protected] > Fixes: e3fe0ae12962 ("crypto: dh - add public key verification test") > Signed-off-by: Eric Biggers <[email protected]>
Is it possible to return an error and use WARN_ON instead of BUG_ON? Or do the callers not bother to check for errors? Thanks, -- Email: Herbert Xu <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
