From a7e4885d83a33ad1f857df1b9d68abafe49378f3 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 6 Feb 2020 12:45:34 +0100
Subject: chacha20poly1305: defensively protect against large inputs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 src/crypto/zinc/chacha20poly1305.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/crypto/zinc/chacha20poly1305.c b/src/crypto/zinc/chacha20poly1305.c
index 571a64e..ff54bc4 100644
--- a/src/crypto/zinc/chacha20poly1305.c
+++ b/src/crypto/zinc/chacha20poly1305.c
@@ -92,6 +92,8 @@ bool chacha20poly1305_encrypt_sg_inplace(struct scatterlist *src,
 		__le64 lens[2];
 	} b __aligned(16) = { { 0 } };
 
+	if (WARN_ON(src_len > INT_MAX))
+		return false;
 
 	chacha20_init(&chacha20_state, key, nonce);
 	chacha20(&chacha20_state, b.block0, b.block0, sizeof(b.block0),
@@ -253,7 +255,7 @@ bool chacha20poly1305_decrypt_sg_inplace(struct scatterlist *src,
 	} b __aligned(16) = { { 0 } };
 	bool ret = false;
 
-	if (unlikely(src_len < POLY1305_MAC_SIZE))
+	if (unlikely(src_len < POLY1305_MAC_SIZE || WARN_ON(src_len > INT_MAX)))
 		return ret;
 	src_len -= POLY1305_MAC_SIZE;
 
-- 
cgit v1.2.3-59-g8ed1b