aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
authorHerbert Xu <herbert@gondor.apana.org.au>2025-02-27 17:04:46 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2025-03-08 16:23:22 +0800
commitcc47f07234f72cbd8e2c973cdbf2a6730660a463 (patch)
treecb0afbdb1c7f618fd9a5bc8dff3520c03aad8406 /crypto
parentef2a68f815daa7ff67781ee31e67802069634ed6 (diff)
downloadath-cc47f07234f72cbd8e2c973cdbf2a6730660a463.tar.gz
crypto: lzo - Fix compression buffer overrun
Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/lzo-rle.c2
-rw-r--r--crypto/lzo.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/crypto/lzo-rle.c b/crypto/lzo-rle.c
index 0631d975bfac1..0abc2d87f0420 100644
--- a/crypto/lzo-rle.c
+++ b/crypto/lzo-rle.c
@@ -55,7 +55,7 @@ static int __lzorle_compress(const u8 *src, unsigned int slen,
size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
int err;
- err = lzorle1x_1_compress(src, slen, dst, &tmp_len, ctx);
+ err = lzorle1x_1_compress_safe(src, slen, dst, &tmp_len, ctx);
if (err != LZO_E_OK)
return -EINVAL;
diff --git a/crypto/lzo.c b/crypto/lzo.c
index ebda132dd22bf..8338851c7406a 100644
--- a/crypto/lzo.c
+++ b/crypto/lzo.c
@@ -55,7 +55,7 @@ static int __lzo_compress(const u8 *src, unsigned int slen,
size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
int err;
- err = lzo1x_1_compress(src, slen, dst, &tmp_len, ctx);
+ err = lzo1x_1_compress_safe(src, slen, dst, &tmp_len, ctx);
if (err != LZO_E_OK)
return -EINVAL;