crypto: msm: check potential integer overflow

According to the specification of AEAD, AEAD request crypt length is not a fixed maximum and associated length is also same. This could lead to potential integer overflow, thus allocating less memory. So we need to check potential integer overflow on AEAD request length. CRs-Fixed: 726872 Change-Id: Ie7708000bfd8c57e2fba8e02230a7ce9cdc9634c Signed-off-by: William Clark <wclark@codeaurora.org>

crypto: msm: check potential integer overflow
According to the specification of AEAD, AEAD request crypt length is not a fixed maximum and associated length is also same. This could lead to potential integer overflow, thus allocating less memory. So we need to check potential integer overflow on AEAD request length. CRs-Fixed: 726872 Change-Id: Ie7708000bfd8c57e2fba8e02230a7ce9cdc9634c Signed-off-by: William Clark <wclark@codeaurora.org>
35336216 · William Clark · Nikola Majkić · 5d6e9b74 · 35336216
Commit 35336216 authored 10 years ago by William Clark Committed by Nikola Majkić 9 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

drivers/crypto/msm/qcrypto.c drivers/crypto/msm/qcrypto.c +5 -5

No files found.
--- a/drivers/crypto/msm/qcrypto.c
+++ b/drivers/crypto/msm/qcrypto.c
@@ -1424,12 +1424,12 @@ static int _qcrypto_process_aead(struct crypto_priv *cp,
 			rctx->orig_src = req->src;
 			rctx->orig_dst = req->dst;

-			if ((MAX_ALIGN_SIZE*2 > ULONG_MAX - req->assoclen) ||
-				((MAX_ALIGN_SIZE*2 + req->assoclen) >
-						ULONG_MAX - qreq.authsize) ||
-				((MAX_ALIGN_SIZE*2 + req->assoclen +
+			if ((MAX_ALIGN_SIZE*2 > UINT_MAX - qreq.assoclen) ||
+				((MAX_ALIGN_SIZE*2 + qreq.assoclen) >
+						UINT_MAX - qreq.authsize) ||
+				((MAX_ALIGN_SIZE*2 + qreq.assoclen +
 						qreq.authsize) >
-						ULONG_MAX - req->cryptlen)) {
+						UINT_MAX - req->cryptlen)) {
 				pr_err("Integer overflow on aead req length.\n");
 				return -EINVAL;
 			}