svc: check for allocation overflow in syscall_cryp_obj_populate
Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead to a heap based overflow with attacker controlled data written outside the boundaries of the buffer.

Fixes: OP-TEE-2018-0009: "Integer overflow in crypto system calls"
Signed-off-by: Joakim Bech <firstname.lastname@example.org>
Tested-by: Joakim Bech <email@example.com> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <firstname.lastname@example.org>
Reported-by: Riscure <email@example.com>
Reported-by: Alyssa Milburn <firstname.lastname@example.org>
Acked-by: Etienne Carriere <email@example.com>
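The bug class named in the commit message, shown as an added example that is not taken from this commit or from the OP-TEE source: an allocation size computed as element size times a caller-supplied count, first unchecked and then with an overflow check before allocating. `struct attr`, `alloc_size_unchecked`, `alloc_size_checked` and `attrs_alloc` are hypothetical names, and the size is held in `uint32_t` on the assumption of a 32-bit target so the wrap is the same on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte attribute record (assumption, not OP-TEE's type). */
struct attr {
    uint32_t id;
    uint32_t a;
    uint32_t b;
    uint32_t pad;
};

/* Unchecked: the 32-bit product silently wraps for a large count, so the
 * result can be far smaller than the space the caller's data needs. */
static uint32_t alloc_size_unchecked(uint32_t attr_count)
{
    return (uint32_t)sizeof(struct attr) * attr_count;
}

/* Checked: returns false instead of a wrapped size (GCC/Clang builtin). */
static bool alloc_size_checked(uint32_t attr_count, uint32_t *size)
{
    return !__builtin_mul_overflow((uint32_t)sizeof(struct attr),
                                   attr_count, size);
}

/* Allocate a zeroed attribute array; NULL on empty count, overflow or OOM. */
static struct attr *attrs_alloc(uint32_t attr_count)
{
    uint32_t size = 0;

    if (attr_count == 0 || !alloc_size_checked(attr_count, &size))
        return NULL;
    return calloc(1, size);
}

int main(void)
{
    uint32_t count = 0x10000001u;   /* constructed sample count */
    uint32_t size = 0;

    printf("unchecked size for %u attrs: %u bytes\n",
           (unsigned)count, (unsigned)alloc_size_unchecked(count));
    printf("checked: %s\n",
           alloc_size_checked(count, &size) ? "ok" : "overflow rejected");
    return 0;
}
```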