From ea5e86d967af5e2fe86c6cff8ca82fcea36d9d26 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 15 Jun 2026 11:33:42 -0500 Subject: [PATCH] fix F-5956: Heap buffer overflow in DH/FFDHE shared-secret computation when peer public key is shorter than the modulus --- linuxkm/lkcapi_dh_glue.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/linuxkm/lkcapi_dh_glue.c b/linuxkm/lkcapi_dh_glue.c index 6196c2a0fe..1d97a67a75 100644 --- a/linuxkm/lkcapi_dh_glue.c +++ b/linuxkm/lkcapi_dh_glue.c @@ -970,7 +970,15 @@ static int km_dh_compute_shared_secret(struct kpp_request *req) /* copy req->src to pub */ scatterwalk_map_and_copy(pub, req->src, 0, req->src_len, 0); - shared_secret_len = pub_len; + /* Note, shared_secret_len must use the canonical length of ctx->key, not + * the untrustworthy req->src_len, to prevent underallocation of + * shared_secret. + */ + shared_secret_len = mp_unsigned_bin_size(&ctx->key->p); + if (shared_secret_len < req->src_len) { + err = -EINVAL; + goto dh_shared_secret_end; + } shared_secret = malloc(shared_secret_len); if (!shared_secret) { err = -ENOMEM;