From 34e32863a1bbbd1efadab3b2d13c9f01ca45537e Mon Sep 17 00:00:00 2001
From: Zhen Kong <zkong@codeaurora.org>
Date: Mon, 28 Nov 2016 18:23:33 +0530
Subject: [PATCH] qcrypto: protect potential integer overflow.

Adding user passed parameters without check might
lead to Integer overflow and unpredictable system
behaviour.

Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
---
 drivers/crypto/msm/qce50.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 8d17ea89e266..ee7e735761e2 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -4967,6 +4967,11 @@ int qce_aead_req(void *handle, struct qce_req *q_req)
 	else
 		q_req->cryptlen = areq->cryptlen - authsize;
 
+	if (q_req->cryptlen > UINT_MAX - areq->assoclen) {
+		pr_err("Integer overflow on total aead req length.\n");
+		return -EINVAL;
+	}
+
 	totallen = q_req->cryptlen + areq->assoclen;
 
 	if (pce_dev->support_cmd_dscr) {