Skip to content

Commit

Permalink
km: ta: use arithmetic ops with overflow detection
Browse files Browse the repository at this point in the history 
Use arithmetic operations with overflow detection at places where
parameters come or are derived from REE.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
  • Loading branch information
@vchong
Victor Chong authored and vchong committed Nov 26, 2020
1 parent 74ae244 commit 3cb3218
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions keymaster/ta/parsel.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,12 @@ int TA_deserialize_auth_set(uint8_t *in, uint8_t *end,
DMSG("indirect_base:%p", indirect_base);
TEE_MemMove(indirect_base, in, indirect_data_size);
indirect_end = indirect_base + indirect_data_size;

if (TA_is_out_of_bounds(in, end, indirect_data_size)) {
EMSG("Out of input array bounds on deserialization");
*res = KM_ERROR_INSUFFICIENT_BUFFER_SPACE;
goto out;
}
in += indirect_data_size;

//Number of elems_(uint32_t)
Expand Down

0 comments on commit 3cb3218

Please sign in to comment.