svc: check for allocation overflow in crypto calls
Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead to a heap based overflow with attacker controlled data written outside the boundaries of the buffer.

Fixes: OP-TEE-2018-0010: "Integer overflow in crypto system calls (x2)"

Signed-off-by: Joakim Bech <email@example.com>
Tested-by: Joakim Bech <firstname.lastname@example.org> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <email@example.com>
Reported-by: Riscure <firstname.lastname@example.org>
Reported-by: Alyssa Milburn <email@example.com>
Acked-by: Etienne Carriere <firstname.lastname@example.org>
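
The failure mode the commit message describes, as an added example that is not code from this commit or from OP-TEE: an element count multiplied by an element size wraps to a small allocation size unless the product is checked first. The names `struct attr`, `unchecked_size`, `checked_size` and `copy_attrs` are hypothetical, 32-bit arithmetic is assumed to model a 32-bit `size_t`, and the check uses the GCC/Clang builtin `__builtin_mul_overflow`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 16-byte record standing in for one caller-supplied element. */
struct attr { uint32_t id, a, b, pad; };

/* Unchecked: the 32-bit product wraps silently for a large count. */
static uint32_t unchecked_size(uint32_t count)
{
    return (uint32_t)sizeof(struct attr) * count;
}

/* Checked: returns false instead of a truncated size (GCC/Clang builtin). */
static bool checked_size(uint32_t count, uint32_t *bytes)
{
    return !__builtin_mul_overflow((uint32_t)sizeof(struct attr), count, bytes);
}

/* Copy count records; NULL on zero count, size overflow or failed malloc. */
static struct attr *copy_attrs(const struct attr *src, uint32_t count)
{
    uint32_t bytes = 0;
    struct attr *dst = NULL;

    if (count == 0 || !checked_size(count, &bytes))
        return NULL;
    dst = malloc(bytes);
    if (dst)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void)
{
    uint32_t count = 0x10000001u; /* constructed count: 16 * count exceeds 2^32 */
    uint32_t bytes = 0;

    printf("unchecked size: %u bytes for %u records\n",
           (unsigned)unchecked_size(count), (unsigned)count);
    printf("checked size accepted: %d\n", checked_size(count, &bytes));
    return 0;
}
```

The unchecked path would hand `malloc` a 16-byte request while later code still believes it holds 0x10000001 records; the checked path rejects the request before any allocation happens.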