From 55e9dce37ddf3ab358ba1d1e9eef4ee4bd8174a6 Mon Sep 17 00:00:00 2001
From: David McCullough <david_mccullough@au.securecomputing.com>
Date: Wed, 15 Mar 2006 21:08:51 +1100
Subject: [CRYPTO] aes: Fixed array boundary violation

The AES setkey routine writes 64 bytes to the E_KEY area even though
there are only 60 bytes there.  It is in fact safe since E_KEY is
immediately follwed by D_KEY which is initialised afterwards.  However,
doing this may trigger undefined behaviour and makes Coverity unhappy.

So by combining E_KEY and D_KEY into one array we sidestep this issue
altogether.

This problem was reported by Adrian Bunk.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/aes.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'crypto/aes.c')

diff --git a/crypto/aes.c b/crypto/aes.c
index 0a6a5c143686..a5017292e066 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -75,12 +75,11 @@ byte(const u32 x, const unsigned n)
 
 struct aes_ctx {
 	int key_length;
-	u32 E[60];
-	u32 D[60];
+	u32 buf[120];
 };
 
-#define E_KEY ctx->E
-#define D_KEY ctx->D
+#define E_KEY (&ctx->buf[0])
+#define D_KEY (&ctx->buf[60])
 
 static u8 pow_tab[256] __initdata;
 static u8 log_tab[256] __initdata;
-- 
cgit v1.2.3-59-g8ed1b