DivestOS/Patches/Linux_CVEs/CVE-2016-6725/3.18/0002.patch
2017-11-07 17:32:46 -05:00

41 lines
1.5 KiB
Diff

From a8bfc6888280ac70c9c13b1802c1e962522714a4 Mon Sep 17 00:00:00 2001
From: Zhen Kong <zkong@codeaurora.org>
Date: Tue, 16 Aug 2016 12:46:12 -0700
Subject: msm: crypto: Fix integer over flow check in qcrypto driver
Integer overflow check is invalid when ULONG_MAX is used,
as ULONG_MAX has typeof 'unsigned long', while req->assoclen,
req->crytlen, and qreq.ivsize are 'unsigned int'. Make change
to use UINT_MAX instead of ULONG_MAX.
CRs-fixed: 1050970
Change-Id: I3782ea7ed2eaacdcad15b34e047a4699bf4f9e4f
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
---
drivers/crypto/msm/qcrypto.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/msm/qcrypto.c b/drivers/crypto/msm/qcrypto.c
index a975575..79e5ae9 100644
--- a/drivers/crypto/msm/qcrypto.c
+++ b/drivers/crypto/msm/qcrypto.c
@@ -2168,12 +2168,12 @@ static int _qcrypto_process_aead(struct crypto_engine *pengine,
* include assoicated data, ciphering data stream,
* generated MAC, and CCM padding.
*/
- if ((MAX_ALIGN_SIZE * 2 > ULONG_MAX - req->assoclen) ||
+ if ((MAX_ALIGN_SIZE * 2 > UINT_MAX - req->assoclen) ||
((MAX_ALIGN_SIZE * 2 + req->assoclen) >
- ULONG_MAX - qreq.ivsize) ||
+ UINT_MAX - qreq.ivsize) ||
((MAX_ALIGN_SIZE * 2 + req->assoclen
+ qreq.ivsize)
- > ULONG_MAX - req->cryptlen)) {
+ > UINT_MAX - req->cryptlen)) {
pr_err("Integer overflow on aead req length.\n");
return -EINVAL;
}
--
cgit v1.1