git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Dan Carpenter <dan.carpenter@oracle.com>
	Mon, 19 Sep 2022 06:43:27 +0000 (09:43 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 24 Oct 2022 07:58:07 +0000 (09:58 +0200)
commit	371fa5129af53a79f6dddc90fe5bb0825cbe72a4
tree	88c4794f1929cdf2562de0d536f3bdebfa435bab	tree
parent	8f5eee162e55175d9dac98b5e9b8da76449d2257	commit \| diff

crypto: cavium - prevent integer overflow loading firmware

[ Upstream commit 2526d6bf27d15054bb0778b2f7bc6625fd934905 ]

The "code_length" value comes from the firmware file. If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself. Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.

The "ntohl(ucode->code_length) * 2" multiplication can have an
integer overflow.

Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>