Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / dd189feebaf83849d220fefa39a1c2bfdbcd4406
commitdd189feebaf83849d220fefa39a1c2bfdbcd4406[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Wed Sep 08 08:33:57 2021 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Nov 18 14:03:38 2021 +0100
treeb8ee839d3628fe222f73828ec3a7b88ed05a2f4b
parent32498b8889c8d1f9b2b67f4e43e017c63359b03e [diff]
tpm: Check for integer overflow in tpm2_map_response_body()

commit a0bcce2b2a169e10eb265c8f0ebdd5ae4c875670 upstream.

The "4 * be32_to_cpu(data->count)" multiplication can potentially
overflow which would lead to memory corruption.  Add a check for that.

Cc: stable@vger.kernel.org
Fixes: 745b361e989a ("tpm: infrastructure for TPM spaces")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: b8ee839d3628fe222f73828ec3a7b88ed05a2f4b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README