diff options
| author | Neeraj Soni <neersoni@codeaurora.org> | 2016-11-28 18:23:33 +0530 |
|---|---|---|
| committer | Joey Rizzoli <joey@lineageos.org> | 2017-05-02 15:35:07 +0200 |
| commit | cae283e713807a90cb86be950a2a83e39f91b766 (patch) | |
| tree | f98ca604876ab3f7ec28409424cf613d91daf274 | |
| parent | b49d1a140c7ec9f0b4101495143fa9a3d01705ef (diff) | |
qcrypto: protect potential integer overflow.
Adding user passed parameters without check might
lead to Integer overflow and unpredictable system
behaviour.
Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
| -rw-r--r-- | drivers/crypto/msm/qce50.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c index b93a82fa69c..f4895b7d977 100644 --- a/drivers/crypto/msm/qce50.c +++ b/drivers/crypto/msm/qce50.c @@ -4489,6 +4489,12 @@ int qce_aead_req(void *handle, struct qce_req *q_req) else q_req->cryptlen = areq->cryptlen - authsize; + if ((q_req->cryptlen > UINT_MAX - areq->assoclen) || + (q_req->cryptlen + areq->assoclen > UINT_MAX - ivsize)) { + pr_err("Integer overflow on total aead req length.\n"); + return -EINVAL; + } + totallen = q_req->cryptlen + areq->assoclen + ivsize; if (pce_dev->support_cmd_dscr) { |