Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 919df5e1 authored by Zhen Kong's avatar Zhen Kong
Browse files

msm: crypto: Fix integer over flow check in qcrypto driver 



Integer overflow check is invalid when ULONG_MAX is used,
as ULONG_MAX has typeof 'unsigned long', while req->assoclen,
req->crytlen, and qreq.ivsize are 'unsigned int'. Make change
to use UINT_MAX instead of ULONG_MAX.

CRs-fixed: 1050970
Change-Id: I3782ea7ed2eaacdcad15b34e047a4699bf4f9e4f
Signed-off-by: default avatarZhen Kong <zkong@codeaurora.org>
parent e99d73e0

drivers/crypto/msm/qcrypto.c

+3 −3
Original line number Diff line number Diff line
@@ -2261,12 +2261,12 @@ static int _qcrypto_process_aead(struct crypto_engine *pengine, 
			 * include  assoicated data, ciphering data stream,

			 * generated MAC, and CCM padding.

			 */

			if ((MAX_ALIGN_SIZE * 2 > ULONG_MAX - req->assoclen) ||

			if ((MAX_ALIGN_SIZE * 2 > UINT_MAX - req->assoclen) ||

				((MAX_ALIGN_SIZE * 2 + req->assoclen) >

						ULONG_MAX - qreq.ivsize) ||

						UINT_MAX - qreq.ivsize) ||

				((MAX_ALIGN_SIZE * 2 + req->assoclen

					+ qreq.ivsize)

						> ULONG_MAX - req->cryptlen)) {

						> UINT_MAX - req->cryptlen)) {

				pr_err("Integer overflow on aead req length.\n");

				return -EINVAL;

			}