Merge 4.14.215 into android-4.14-stable

Changes in 4.14.215
	kbuild: don't hardcode depmod path
	workqueue: Kick a worker based on the actual activation of delayed works
	scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff()
	scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
	lib/genalloc: fix the overflow when size is too big
	depmod: handle the case of /sbin/depmod without /sbin in PATH
	ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
	ethernet: ucc_geth: set dev->max_mtu to 1518
	atm: idt77252: call pci_disable_device() on error path
	qede: fix offload for IPIP tunnel packets
	virtio_net: Fix recursive call to cpus_read_lock()
	net/ncsi: Use real net-device for response handler
	net: ethernet: Fix memleak in ethoc_probe
	net-sysfs: take the rtnl lock when storing xps_cpus
	net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
	ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
	net: hns: fix return value check in __lb_other_process()
	net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
	CDC-NCM: remove "connected" log message
	net: usb: qmi_wwan: add Quectel EM160R-GL
	vhost_net: fix ubuf refcount incorrectly when sendmsg fails
	net: sched: prevent invalid Scell_log shift count
	net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
	net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
	net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
	video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
	crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
	usb: gadget: enable super speed plus
	USB: cdc-acm: blacklist another IR Droid device
	usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
	usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()
	USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
	usb: usbip: vhci_hcd: protect shift size
	usb: uas: Add PNY USB Portable SSD to unusual_uas
	USB: serial: iuu_phoenix: fix DMA from stack
	USB: serial: option: add LongSung M5710 module support
	USB: serial: option: add Quectel EM160R-GL
	USB: yurex: fix control-URB timeout handling
	USB: usblp: fix DMA to stack
	ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
	usb: gadget: select CONFIG_CRC32
	usb: gadget: f_uac2: reset wMaxPacketSize
	usb: gadget: function: printer: Fix a memory leak for interface descriptor
	USB: gadget: legacy: fix return error code in acm_ms_bind()
	usb: gadget: Fix spinlock lockup on usb_function_deactivate
	usb: gadget: configfs: Preserve function ordering after bind failure
	usb: gadget: configfs: Fix use-after-free issue with udc_name
	USB: serial: keyspan_pda: remove unused variable
	x86/mm: Fix leak of pmd ptlock
	ALSA: hda/conexant: add a new hda codec CX11970
	ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
	Revert "device property: Keep secondary firmware node secondary by type"
	netfilter: ipset: fix shift-out-of-bounds in htable_bits()
	netfilter: xt_RATEEST: reject non-null terminated string from userspace
	x86/mtrr: Correct the range check before performing MTRR type lookups
	KVM: x86: fix shift out of bounds reported by UBSAN
	scsi: target: Fix XCOPY NAA identifier lookup
	Linux 4.14.215

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4a2050b044f2cecda91e6354513044c6352b97a9

1 files changed, 2 insertions, 1 deletions

diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 3919b59ada25..ea4c5a864fcd 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -43,7 +43,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 	struct ecdh params;
 	unsigned int ndigits;
 
-	if (crypto_ecdh_decode_key(buf, len, &params) < 0)
+	if (crypto_ecdh_decode_key(buf, len, &params) < 0 ||
+	    params.key_size > sizeof(ctx->private_key))
 		return -EINVAL;
 
 	ndigits = ecdh_supported_curve(params.curve_id);