[PATCH] crypto: sun4i-ss: restrict PRNG seed length to prevent heap overflow
Tianchu Chen
tianchu.chen at linux.dev
Fri May 29 00:05:24 PDT 2026
May 29, 2026 at 2:11 PM, "Herbert Xu" <herbert at gondor.apana.org.au mailto:herbert at gondor.apana.org.au?to=%22Herbert%20Xu%22%20%3Cherbert%40gondor.apana.org.au%3E > wrote:
>
> On Thu, May 28, 2026 at 02:53:17PM +0000, Tianchu Chen wrote:
>
> >
> > diff --git a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > index 491fcb7b8..010fa891c 100644
> > --- a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > +++ b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
> > @@ -8,6 +8,8 @@ int sun4i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed,
> > struct rng_alg *alg = crypto_rng_alg(tfm);
> >
> > algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng);
> > + if (slen > sizeof(algt->ss->seed))
> > + return -EINVAL;
> >
> This should simply ignore the extra data instead of failing.
Thanks for pointing out, silent truncation is more appropriate here.
I'll send a v2 patch with min_t soon.
Best regards,
Tianchu Chen
More information about the linux-arm-kernel
mailing list