qcrypto: protect potential integer overflow.android-7.1.1_r0.52

Adding user passed parameters without check might lead to Integer overflow and unpredictable system behaviour. Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> Bug: 34389927
author: Ariel Yin <ayin@google.com> 2017-02-08 12:43:59 -0800
committer: Ariel Yin <ayin@google.com> 2017-02-14 22:21:09 +0000
commit: b36f20c37684d263a5b5ac276455060636773e17 (patch)
tree: f0491c82e54f3d0421f450992af4b9d3f2143fc8
parent: ade375c182fbb6d5e788eb818f0dc7b92ab38035 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/crypto/msm/qce50.c b/drivers/crypto/msm/qce50.c
index 9e5afc724df1..5522be9488ec 100644
--- a/drivers/crypto/msm/qce50.c
+++ b/drivers/crypto/msm/qce50.c
@@ -4481,6 +4481,12 @@ int qce_aead_req(void *handle, struct qce_req *q_req)
 	else
 		q_req->cryptlen = areq->cryptlen - authsize;
 
+	if ((q_req->cryptlen > UINT_MAX - areq->assoclen) ||
+		(q_req->cryptlen + areq->assoclen > UINT_MAX - ivsize)) {
+			pr_err("Integer overflow on total aead req length.\n");
+			return -EINVAL;
+	}
+
 	totallen = q_req->cryptlen + areq->assoclen + ivsize;
 
 	if (pce_dev->support_cmd_dscr) {
author	Ariel Yin <ayin@google.com>	2017-02-08 12:43:59 -0800
committer	Ariel Yin <ayin@google.com>	2017-02-14 22:21:09 +0000
commit	b36f20c37684d263a5b5ac276455060636773e17 (patch)
tree	f0491c82e54f3d0421f450992af4b9d3f2143fc8
parent	ade375c182fbb6d5e788eb818f0dc7b92ab38035 (diff)