diff options
| author | Thorsten Blum <thorsten.blum@linux.dev> | 2025-11-26 12:46:13 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-02-16 12:17:47 +0300 |
| commit | 7dbeeafcb6e50d201b016599d1dcb576fbecfead (patch) | |
| tree | c8f80c24e37b9f63643c8ddc2a7aad439bd7bf36 /drivers/crypto | |
| parent | 6dda9f06990544206289a8fa8524ae519a486f67 (diff) | |
| download | linux-7dbeeafcb6e50d201b016599d1dcb576fbecfead.tar.xz | |
crypto: octeontx - Fix length check to avoid truncation in ucode_load_store
commit 5565a72b24fa7935a9f30af386e92c8c9dfb23b9 upstream.
OTX_CPT_UCODE_NAME_LENGTH limits the microcode name to 64 bytes. If a
user writes a string of exactly 64 characters, the original code used
'strlen(buf) > 64' to check the length, but then strscpy() copies only
63 characters before adding a NUL terminator, silently truncating the
copied string.
Fix this off-by-one error by using 'count' directly for the length check
to ensure long names are rejected early and copied without truncation.
Cc: stable@vger.kernel.org
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/crypto')
| -rw-r--r-- | drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c index c4250e5fcf8f..11dfbd4beba9 100644 --- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c @@ -1336,7 +1336,7 @@ static ssize_t ucode_load_store(struct device *dev, int del_grp_idx = -1; int ucode_idx = 0; - if (strlen(buf) > OTX_CPT_UCODE_NAME_LENGTH) + if (count >= OTX_CPT_UCODE_NAME_LENGTH) return -EINVAL; eng_grps = container_of(attr, struct otx_cpt_eng_grps, ucode_load_attr); |