
core: add VA overflow check in shdr_alloc_and_copy()

Make sure that no address overflow can occur when shdr_alloc_and_copy()
copies the signed header.

Signed-off-by: Jerome Forissier <>
Reported-by: Bastien Simondi <> [2.4]
Reviewed-by: Joakim Bech <>
jforissier committed Feb 5, 2019
1 parent 8ad7af5 commit 062765e4f80b97c90fd62d17859b675797af5de9
Showing with 6 additions and 0 deletions.
  1. +6 −0 core/crypto/signed_hdr.c
@@ -11,11 +11,14 @@
#include <tee_api_types.h>
#include <tee/tee_cryp_utl.h>
#include <utee_defines.h>
#include <util.h>

struct shdr *shdr_alloc_and_copy(const struct shdr *img, size_t img_size)
size_t shdr_size;
struct shdr *shdr;
vaddr_t img_va = (vaddr_t)img;
vaddr_t tmp = 0;

if (img_size < sizeof(struct shdr))
return NULL;
@@ -24,6 +27,9 @@ struct shdr *shdr_alloc_and_copy(const struct shdr *img, size_t img_size)
if (img_size < shdr_size)
return NULL;

if (ADD_OVERFLOW(img_va, shdr_size, &tmp))
return NULL;

shdr = malloc(shdr_size);
if (!shdr)
return NULL;
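Review bot: The new `ADD_OVERFLOW(img_va, shdr_size, &tmp)` check in the second hunk has no comment, and `tmp` is never read in the visible lines, so a reader cannot tell that it exists only to receive the computed end address. I would add `/* Reject a header whose end address (img_va + shdr_size) would wrap around */` above the check, and a short note at the declaration of `tmp` saying it is only the macro's output argument. The assignment of `shdr_size` and the copy itself lie outside the two hunks, so it cannot be confirmed here whether the size is read from `img` and then re-validated on the private copy. If `img` points to memory that its supplier can still modify, comparing the copied header's size against `shdr_size` after the copy would close that window.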
