]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 380a415) | patch
tpm: Check for integer overflow in tpm2_map_response_body()
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 8 Sep 2021 05:33:57 +0000 (08:33 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 26 Nov 2021 10:35:57 +0000 (11:35 +0100)
commitbf3a1a8c9120f0cc55dc65993674bc1ac1f2968a
tree67548807cfd86994c66a0f4fb7a1e56447495860tree | snapshot
parent380a415cecb66d69d33900577af1ee09330de37acommit | diff
tpm: Check for integer overflow in tpm2_map_response_body()

commit a0bcce2b2a169e10eb265c8f0ebdd5ae4c875670 upstream.

The "4 * be32_to_cpu(data->count)" multiplication can potentially
overflow which would lead to memory corruption.  Add a check for that.

Cc: stable@vger.kernel.org
Fixes: 745b361e989a ("tpm: infrastructure for TPM spaces")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/tpm/tpm2-space.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git