# git rev-parse -q --verify 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5^{commit}
0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5
already have revision, skipping fetch
# git checkout -q -f -B kisskb 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5
# git clean -qxdf
# < git log -1
# commit 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5
# Author: Ard Biesheuvel <ardb@kernel.org>
# Date:   Sat Jan 2 14:59:09 2021 +0100
# 
#     crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
#     
#     Pavel reports that commit 17858b140bf4 ("crypto: ecdh - avoid unaligned
#     accesses in ecdh_set_secret()") fixes one problem but introduces another:
#     the unconditional memcpy() introduced by that commit may overflow the
#     target buffer if the source data is invalid, which could be the result of
#     intentional tampering.
#     
#     So check params.key_size explicitly against the size of the target buffer
#     before validating the key further.
#     
#     Fixes: 17858b140bf4 ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()")
#     Reported-by: Pavel Machek <pavel@denx.de>
#     Cc: <stable@vger.kernel.org>
#     Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
#     Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
# < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-ld --version
# < git log --format=%s --max-count=1 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5
# < make -s -j 24 ARCH=x86_64 O=/kisskb/build/crypto_x86_64-allnoconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-  allnoconfig
# < make -s -j 24 ARCH=x86_64 O=/kisskb/build/crypto_x86_64-allnoconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-  help
# make -s -j 24 ARCH=x86_64 O=/kisskb/build/crypto_x86_64-allnoconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-  olddefconfig
# make -s -j 24 ARCH=x86_64 O=/kisskb/build/crypto_x86_64-allnoconfig_x86_64-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/x86_64-linux/bin/x86_64-linux-  
Completed OK
# rm -rf /kisskb/build/crypto_x86_64-allnoconfig_x86_64-gcc8
# Build took: 0:00:28.966427