[PATCH v4 2/3] powerpc/pseries: PLPKS SED Opal keystore support

[Greg Joyce]

On Fri, 2022-10-07 at 19:09 +0000, Elliott, Robert (Servers) wrote:
> > -----Original Message-----
> > From: gjoyce at linux.vnet.ibm.com <gjoyce at linux.vnet.ibm.com>
> > Sent: Friday, August 19, 2022 5:32 PM
> > To: linux-block at vger.kernel.org
> > Cc: linuxppc-dev at lists.ozlabs.org; jonathan.derrick at linux.dev;
> > brking at linux.vnet.ibm.com; msuchanek at suse.de; mpe at ellerman.id.au;
> > nayna at linux.ibm.com; axboe at kernel.dk; akpm at linux-foundation.org;
> > gjoyce at linux.vnet.ibm.com; linux-efi at vger.kernel.org;
> > keyrings at vger.kernel.org; dhowells at redhat.com; jarkko at kernel.org
> > Subject: [PATCH v4 2/3] powerpc/pseries: PLPKS SED Opal keystore
> > support
> > 
> > +++ b/arch/powerpc/platforms/pseries/plpks_sed_ops.c
> ...
> > +struct plpks_sed_object_data {
> > +	u_char version;
> > +	u_char pad1[7];
> > +	u_long authority;
> > +	u_long range;
> > +	u_int  key_len;
> > +	u_char key[32];
> > +};
> ...
> > +/*
> > + * Read the SED Opal key from PLPKS given the label
> > + */
> > +int sed_read_key(char *keyname, char *key, u_int *keylen)
> > +{
> ...
> > +	*keylen = be32_to_cpu(data->key_len);
> > +
> > +	if (var.data) {
> > +		memcpy(key, var.data + offset, var.datalen - offset);
> > +		key[*keylen] = '\0';
> 
> Is there a guarantee that key_len is always < sizeof key, or
> does that need to be checked in more places?

Changed keylen paramter to be the maximum size that it copied. This 
will help avoid buffer overwrite.