diff options
| author | Rygebin <kaankulahli@gmail.com> | 2017-06-20 14:29:27 +0000 |
|---|---|---|
| committer | Rygebin <kaankulahli@gmail.com> | 2017-06-20 14:29:27 +0000 |
| commit | afa9ad70f02491fbe10df2203f8f2fa42f956228 (patch) | |
| tree | b6dce4ed04f62fd443721a94ac3e7f81427e0ad1 /drivers/crypto/msm/qcedev.c | |
| parent | 582eb92a1e8bf6c0e743774c1fb550e630715433 (diff) | |
| parent | 08d1ec9238c605a9a5cf1229fd60961efcd21ff1 (diff) | |
Diffstat (limited to 'drivers/crypto/msm/qcedev.c')
| -rw-r--r-- | drivers/crypto/msm/qcedev.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/drivers/crypto/msm/qcedev.c b/drivers/crypto/msm/qcedev.c index 0bc47fbf1a9..1bfbe7c1fa3 100644 --- a/drivers/crypto/msm/qcedev.c +++ b/drivers/crypto/msm/qcedev.c @@ -1472,6 +1472,15 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, pr_err("%s: Invalid byte offset\n", __func__); goto error; } + total = req->byteoffset; + for (i = 0; i < req->entries; i++) { + if (total > U32_MAX - req->vbuf.src[i].len) { + pr_err("%s:Integer overflow on total src len\n", + __func__); + goto error; + } + total += req->vbuf.src[i].len; + } } if (req->data_len < req->byteoffset) { @@ -1507,7 +1516,7 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, } } /* Check for sum of all dst length is equal to data_len */ - for (i = 0; i < req->entries; i++) { + for (i = 0, total = 0; i < req->entries; i++) { if (req->vbuf.dst[i].len >= U32_MAX - total) { pr_err("%s: Integer overflow on total req dst vbuf length\n", __func__); @@ -2075,9 +2084,9 @@ static ssize_t _debug_stats_read(struct file *file, char __user *buf, len = _disp_stats(qcedev); - rc = simple_read_from_buffer((void __user *) buf, len, + if (len <= count) + rc = simple_read_from_buffer((void __user *) buf, len, ppos, (void *) _debug_read_buf, len); - return rc; } |