crypto: marvell/octeontx - prevent integer overflows
stable inclusion from stable-v5.10.150 commit 7bfa7d67735381715c98091194e81e7685f9b7db category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6D0XA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7bfa7d67735381715c98091194e81e7685f9b7db -------------------------------- [ Upstream commit caca37cf ] The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "code_length * 2" can overflow. The round_up(ucode_size, 16) + sizeof() expression can overflow too. Prevent these overflows. Fixes: d9110b0b ("crypto: marvell - add support for OCTEON TX CPT engine") Signed-off-by:Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Loading
Please sign in to comment