Use EOVERFLOW if input data is too large

2 files changed, 9 insertions, 3 deletions

diff --git a/userspace/ncrypto_key.c b/userspace/ncrypto_key.c
index 47d4c94..758ff6f 100644
--- a/userspace/ncrypto_key.c
+++ b/userspace/ncrypto_key.c
@@ -218,8 +218,10 @@ ncr_key_import(ncr_key_t key, void *idata, size_t idata_size, void *id, size_t i
 	io.key = key;
 	io.idata = idata;
 	io.idata_size = idata_size;
-	if (id_size > MAX_KEY_ID_SIZE)
-		id_size = MAX_KEY_ID_SIZE;
+	if (id_size > MAX_KEY_ID_SIZE) {
+		errno = EOVERFLOW;
+		return -1;
+	}
 	memmove(&io.key_id, id, id_size);
 	io.key_id_size = id_size;
 	io.algorithm = algorithm;
diff --git a/userspace/ncrypto_params.c b/userspace/ncrypto_params.c
index 0bbe0df..d365432 100644
--- a/userspace/ncrypto_params.c
+++ b/userspace/ncrypto_params.c
@@ -33,10 +33,14 @@ ncr_key_params_deinit(ncr_key_params_t params)
 int
 ncr_key_params_set_cipher_iv(ncr_key_params_t params, void* iv, unsigned int iv_size)
 {
-	if (!params || (iv_size > NCR_CIPHER_MAX_BLOCK_LEN)) {
+	if (!params) {
 		errno = EINVAL;
 		return -1;
 	}
+	if (iv_size > NCR_CIPHER_MAX_BLOCK_LEN) {
+		errno = EOVERFLOW;
+		return -1;
+	}
 	memmove(params->params.cipher.iv, iv, iv_size);
 	params->params.cipher.iv_size = iv_size;
 	return 0;