fix F=3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len

This commit is contained in:
Daniel Pouzzner
2026-06-10 14:11:50 -05:00
parent 1e888383bb
commit e98a03b80e
+6 -2
View File
@@ -792,8 +792,12 @@ static int km_direct_rsa_dec(struct akcipher_request *req)
goto rsa_dec_out;
}
if (req->dst_len <= 0 || req->dst_len > (unsigned int) ctx->key_len) {
err = -EINVAL;
if (req->dst_len != (unsigned int)ctx->key_len) {
if ((req->dst_len > 0) && (req->dst_len < (unsigned int)ctx->key_len))
err = -EOVERFLOW;
else
err = -EINVAL;
req->dst_len = ctx->key_len;
goto rsa_dec_out;
}