pseries: PLPKS SED Opal keystore support

Greg Joyce Wed, 16 Nov 2022 15:45:08 -0800

On Fri, 2022-10-07 at 19:09 +0000, Elliott, Robert (Servers) wrote:
> > -----Original Message-----
> > From: gjo...@linux.vnet.ibm.com <gjo...@linux.vnet.ibm.com>
> > Sent: Friday, August 19, 2022 5:32 PM
> > To: linux-bl...@vger.kernel.org
> > Cc: linuxppc-dev@lists.ozlabs.org; jonathan.derr...@linux.dev;
> > brk...@linux.vnet.ibm.com; msucha...@suse.de; m...@ellerman.id.au;
> > na...@linux.ibm.com; ax...@kernel.dk; a...@linux-foundation.org;
> > gjo...@linux.vnet.ibm.com; linux-...@vger.kernel.org;
> > keyri...@vger.kernel.org; dhowe...@redhat.com; jar...@kernel.org
> > Subject: [PATCH v4 2/3] powerpc/pseries: PLPKS SED Opal keystore
> > support
> > 
> > +++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> ...
> > +struct plpks_sed_object_data {
> > +   u_char version;
> > +   u_char pad1[7];
> > +   u_long authority;
> > +   u_long range;
> > +   u_int  key_len;
> > +   u_char key[32];
> > +};
> ...
> > +/*
> > + * Read the SED Opal key from PLPKS given the label
> > + */
> > +int sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> ...
> > +   *keylen = be32_to_cpu(data->key_len);
> > +
> > +   if (var.data) {
> > +           memcpy(key, var.data + offset, var.datalen - offset);
> > +           key[*keylen] = '\0';
> 
> Is there a guarantee that key_len is always < sizeof key, or
> does that need to be checked in more places?


Changed keylen paramter to be the maximum size that it copied. This 
will help avoid buffer overwrite.

Re: [PATCH v4 2/3] powerpc/pseries: PLPKS SED Opal keystore support

Reply via email to