Searched hist:b60e1cee406a1ff521145ab9534370dfb85dd592 (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/tee/ |
| H A D | tee_svc_cryp.c | b60e1cee406a1ff521145ab9534370dfb85dd592 Thu Sep 27 08:15:53 UTC 2018 Joakim Bech <joakim.bech@linaro.org> svc: check for allocation overflow in syscall_cryp_obj_populate
Without checking for overflow there is a risk of allocating a buffer
with size smaller than anticipated and as a consequence of that it might
lead to a heap based overflow with attacker controlled data written
outside the boundaries of the buffer.
Fixes: OP-TEE-2018-0009: "Integer overflow in crypto system calls"
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reported-by: Riscure <inforequest@riscure.com>
Reported-by: Alyssa Milburn <a.a.milburn@vu.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|