Searched hist:"70697 bf3c5dc3d201341b01a1a8e5bc6d2fb48f8" (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/tee/ |
| H A D | tee_svc_cryp.c | 70697bf3c5dc3d201341b01a1a8e5bc6d2fb48f8 Thu Sep 27 08:30:20 UTC 2018 Joakim Bech <joakim.bech@linaro.org> svc: check for allocation overflow in crypto calls part 2
Without checking for overflow there is a risk of allocating a buffer
with size smaller than anticipated and as a consequence of that it might
lead to a heap based overflow with attacker controlled data written
outside the boundaries of the buffer.
Fixes: OP-TEE-2018-0011: "Integer overflow in crypto system calls (x2)"
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reported-by: Riscure <inforequest@riscure.com>
Reported-by: Alyssa Milburn <a.a.milburn@vu.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|