Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a868ba0 authored by Gaurav Kashyap's avatar Gaurav Kashyap
Browse files

soc: qcom: hwkm: check key size before unwrap 



Make sure key size is what is expected by command packet
for KEY_UNWRAP_IMPORT in order to not overflow the buffer
and corrupt the stack.

Change-Id: Iba1d6bb3bf5efc4f4e64dafce0fbb65bb6f7b8c6
Signed-off-by: default avatarGaurav Kashyap <gaurkash@codeaurora.org>
parent 5df03724

drivers/soc/qcom/hwkm.c

+8 −0
Original line number Diff line number Diff line
@@ -44,6 +44,8 @@ int retries; 
#define WAIT_UNTIL(cond)			\

for (retries = 0; !(cond) && (retries < MAX_RETRIES); retries++)



#define EXPECTED_UNWRAP_KEY_SIZE 68



#define ICEMEM_SLAVE_TPKEY_VAL	0x192

#define ICEMEM_SLAVE_TPKEY_SLOT	0x92

#define KM_MASTER_TPKEY_SLOT	10
@@ -473,6 +475,12 @@ static int qti_handle_key_unwrap_import(const struct hwkm_cmd *cmd_in, 


	pr_debug("%s: KEY_UNWRAP_IMPORT start\n", __func__);



	if (cmd_in->unwrap.sz != EXPECTED_UNWRAP_KEY_SIZE) {

		pr_err("%s: Invalid key size - %d\n", __func__,

						cmd_in->unwrap.sz);

		return -EINVAL;

	}



	memcpy(cmd, &operation, OPERATION_INFO_LENGTH);

	memcpy(cmd + COMMAND_WRAPPED_KEY_IDX, cmd_in->unwrap.wkb,

			cmd_in->unwrap.sz);