Merge "qcrypto: protect potential integer overflow."

author: Linux Build Service Account <lnxbuild@localhost> 2017-02-03 22:59:39 -0800
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2017-02-03 22:59:39 -0800
commit: b1615eab2bbe33b384e3cd19017a8e311ba48577 (patch)
tree: 5a2d20bf897eaec1787d33d751b31d635e6c98f4
parent: 6f9b57201a62ccc3f7b6cbc3c0c2ecb60f1fcc21 (diff)
parent: 34e32863a1bbbd1efadab3b2d13c9f01ca45537e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 8d17ea89e266..ee7e735761e2 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -4967,6 +4967,11 @@ int qce_aead_req(void *handle, struct qce_req *q_req)
 	else
 		q_req->cryptlen = areq->cryptlen - authsize;
 
+	if (q_req->cryptlen > UINT_MAX - areq->assoclen) {
+		pr_err("Integer overflow on total aead req length.\n");
+		return -EINVAL;
+	}
+
 	totallen = q_req->cryptlen + areq->assoclen;
 
 	if (pce_dev->support_cmd_dscr) {
author	Linux Build Service Account <lnxbuild@localhost>	2017-02-03 22:59:39 -0800
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-02-03 22:59:39 -0800
commit	b1615eab2bbe33b384e3cd19017a8e311ba48577 (patch)
tree	5a2d20bf897eaec1787d33d751b31d635e6c98f4
parent	6f9b57201a62ccc3f7b6cbc3c0c2ecb60f1fcc21 (diff)
parent	34e32863a1bbbd1efadab3b2d13c9f01ca45537e (diff)