From 58a20b797e5a987fc8f7c5bea3be24d754908bf5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Wed, 7 Jul 2010 08:31:14 +0200
Subject: set_iv() function accepts argument from kernel memory.

---
 cryptodev_main.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'cryptodev_main.c')

diff --git a/cryptodev_main.c b/cryptodev_main.c
index 00f598c..f99c71a 100644
--- a/cryptodev_main.c
+++ b/cryptodev_main.c
@@ -426,10 +426,15 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop)
 			goto out_unlock;
 		}
 
-		ivsize = ses_ptr->cdata.ivsize;
-
 		if (cop->iv) {
-			cryptodev_cipher_set_iv(&ses_ptr->cdata, cop->iv, ivsize);
+			uint8_t iv[EALG_MAX_BLOCK_LEN];
+
+			ivsize = min((int)sizeof(iv), ses_ptr->cdata.ivsize);
+			ret = copy_from_user(iv, cop->iv, ivsize);
+			if (unlikely(ret))
+				goto out_unlock;
+
+			cryptodev_cipher_set_iv(&ses_ptr->cdata, iv, ivsize);
 		}
 	}
 
-- 
cgit