From 34e32863a1bbbd1efadab3b2d13c9f01ca45537e Mon Sep 17 00:00:00 2001 From: Zhen Kong Date: Mon, 28 Nov 2016 18:23:33 +0530 Subject: [PATCH] qcrypto: protect potential integer overflow. Adding user passed parameters without check might lead to Integer overflow and unpredictable system behaviour. Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4 Signed-off-by: Neeraj Soni Signed-off-by: Zhen Kong --- drivers/crypto/msm/qce50.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c index 8d17ea89e266..ee7e735761e2 100644 --- a/drivers/crypto/msm/qce50.c +++ b/drivers/crypto/msm/qce50.c @@ -4967,6 +4967,11 @@ int qce_aead_req(void *handle, struct qce_req *q_req) else q_req->cryptlen = areq->cryptlen - authsize; + if (q_req->cryptlen > UINT_MAX - areq->assoclen) { + pr_err("Integer overflow on total aead req length.\n"); + return -EINVAL; + } + totallen = q_req->cryptlen + areq->assoclen; if (pce_dev->support_cmd_dscr) {