Loading drivers/crypto/msm/qcedev.c +10 −1 Original line number Diff line number Diff line Loading @@ -1445,6 +1445,15 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, pr_err("%s: Invalid byte offset\n", __func__); goto error; } total = req->byteoffset; for (i = 0; i < req->entries; i++) { if (total > U32_MAX - req->vbuf.src[i].len) { pr_err("%s:Integer overflow on total src len\n", __func__); goto error; } total += req->vbuf.src[i].len; } } if (req->data_len < req->byteoffset) { Loading Loading @@ -1480,7 +1489,7 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, } } /* Check for sum of all dst length is equal to data_len */ for (i = 0; i < req->entries; i++) { for (i = 0, total = 0; i < req->entries; i++) { if (req->vbuf.dst[i].len >= U32_MAX - total) { pr_err("%s: Integer overflow on total req dst vbuf length\n", __func__); Loading Loading
drivers/crypto/msm/qcedev.c +10 −1 Original line number Diff line number Diff line Loading @@ -1445,6 +1445,15 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, pr_err("%s: Invalid byte offset\n", __func__); goto error; } total = req->byteoffset; for (i = 0; i < req->entries; i++) { if (total > U32_MAX - req->vbuf.src[i].len) { pr_err("%s:Integer overflow on total src len\n", __func__); goto error; } total += req->vbuf.src[i].len; } } if (req->data_len < req->byteoffset) { Loading Loading @@ -1480,7 +1489,7 @@ static int qcedev_check_cipher_params(struct qcedev_cipher_op_req *req, } } /* Check for sum of all dst length is equal to data_len */ for (i = 0; i < req->entries; i++) { for (i = 0, total = 0; i < req->entries; i++) { if (req->vbuf.dst[i].len >= U32_MAX - total) { pr_err("%s: Integer overflow on total req dst vbuf length\n", __func__); Loading
