From c84c44f62f02eaee920def2e40095c7072166c48 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 12 Jun 2026 17:13:25 -0500 Subject: [PATCH] fix F-1238: Integer Overflow in ECDSA Verify Allocation of sig_len + hash_len --- linuxkm/lkcapi_ecdsa_glue.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c index 62e2eca120..6832419ab2 100644 --- a/linuxkm/lkcapi_ecdsa_glue.c +++ b/linuxkm/lkcapi_ecdsa_glue.c @@ -417,6 +417,11 @@ static int km_ecdsa_verify(struct akcipher_request *req) goto ecdsa_verify_end; } + if ((sig_len + hash_len) != ((word64)sig_len + (word64)hash_len)) { + err = -EINVAL; + goto ecdsa_verify_end; + } + sig = malloc(sig_len + hash_len); if (unlikely(sig == NULL)) { err = -ENOMEM;