aboutsummaryrefslogtreecommitdiff
path: root/drivers/crypto
diff options
context:
space:
mode:
authorSuraj Das <surajdazz@gmail.com>2017-06-25 19:07:06 +0530
committerSuraj Das <surajdazz@gmail.com>2017-06-25 19:15:40 +0530
commit6e033ebda94e620277a569625745cf21c749efdb (patch)
tree641e80dabecde9fd9108b654bf43828d78632509 /drivers/crypto
parentfa097959467283e96988ba548a20ccb3ec27c0c1 (diff)
parent262196005747d5e8b4106e92adae3749e8686240 (diff)
Merge branch 'cm-14.1' of https://github.com/LineageOS/android_kernel_oneplus_msm8974 into n7.1HEADn7.1
Diffstat (limited to 'drivers/crypto')
-rw-r--r--drivers/crypto/msm/ota_crypto.c4
-rw-r--r--drivers/crypto/msm/qcedev.c15
-rw-r--r--drivers/crypto/msm/qcrypto.c4
3 files changed, 16 insertions, 7 deletions
diff --git a/drivers/crypto/msm/ota_crypto.c b/drivers/crypto/msm/ota_crypto.c
index 6ecf5b2b4cc..60525358f89 100644
--- a/drivers/crypto/msm/ota_crypto.c
+++ b/drivers/crypto/msm/ota_crypto.c
@@ -744,8 +744,8 @@ static ssize_t _debug_stats_read(struct file *file, char __user *buf,
int len;
len = _disp_stats();
-
- rc = simple_read_from_buffer((void __user *) buf, len,
+ if (len <= count)
+ rc = simple_read_from_buffer((void __user *) buf, len,
ppos, (void *) _debug_read_buf, len);
return rc;
diff --git a/drivers/crypto/msm/qcedev.c b/drivers/crypto/msm/qcedev.c
index 0cbefe7671d..43b3d0ad5d3 100644
--- a/drivers/crypto/msm/qcedev.c
+++ b/drivers/crypto/msm/qcedev.c
@@ -1549,6 +1549,15 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req,
pr_err("%s: Invalid byte offset\n", __func__);
goto error;
}
+ total = req->byteoffset;
+ for (i = 0; i < req->entries; i++) {
+ if (total > U32_MAX - req->vbuf.src[i].len) {
+ pr_err("%s:Integer overflow on total src len\n",
+ __func__);
+ goto error;
+ }
+ total += req->vbuf.src[i].len;
+ }
}
if (req->data_len < req->byteoffset) {
@@ -1584,7 +1593,7 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req,
}
}
/* Check for sum of all dst length is equal to data_len */
- for (i = 0; i < req->entries; i++) {
+ for (i = 0, total = 0; i < req->entries; i++) {
if (req->vbuf.dst[i].len >= U32_MAX - total) {
pr_err("%s: Integer overflow on total req dst vbuf length\n",
__func__);
@@ -2164,9 +2173,9 @@ static ssize_t _debug_stats_read(struct file *file, char __user *buf,
len = _disp_stats(qcedev);
- rc = simple_read_from_buffer((void __user *) buf, len,
+ if (len <= count)
+ rc = simple_read_from_buffer((void __user *) buf, len,
ppos, (void *) _debug_read_buf, len);
-
return rc;
}
diff --git a/drivers/crypto/msm/qcrypto.c b/drivers/crypto/msm/qcrypto.c
index bbf4ef693ed..8d1c7e27e3b 100644
--- a/drivers/crypto/msm/qcrypto.c
+++ b/drivers/crypto/msm/qcrypto.c
@@ -4918,9 +4918,9 @@ static ssize_t _debug_stats_read(struct file *file, char __user *buf,
len = _disp_stats(qcrypto);
- rc = simple_read_from_buffer((void __user *) buf, len,
+ if (len <= count)
+ rc = simple_read_from_buffer((void __user *) buf, len,
ppos, (void *) _debug_read_buf, len);
-
return rc;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 19:38:40 +0000