core: RPMB FS: check for potential overflows
This commit deals with a number of potential integer overflows in the RPMB FS code.

rpmb_fs_init() requests device information from the REE. The RPMB size is returned in struct rpmb_dev_info (field rpmb_size_mult) and is used in a multiplication that could overflow. Use MUL_OVERFLOW() to deal with this case.

Some overflow checks are also added in the read and write paths.

Signed-off-by: Jerome Forissier <email@example.com>
Reported-by: Bastien Simondi <firstname.lastname@example.org> [2.12]
Reviewed-by: Joakim Bech <email@example.com>
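The kind of check the commit message describes, as an added example that is not the commit's code: a size multiplier supplied by the untrusted REE is converted to a byte count without wrapping, and a read/write range is validated against it. The helper names, the 32-bit widths and the 128 KiB unit are assumptions, and the GCC/Clang builtins stand in for the MUL_OVERFLOW() macro the message names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: RPMB capacity is reported in 128 KiB units. */
#define RPMB_UNIT_BYTES (128u * 1024u)

/*
 * Hypothetical helper: turn the size multiplier reported by the untrusted
 * REE into a byte count. Returns false instead of silently wrapping.
 * __builtin_mul_overflow() stands in for MUL_OVERFLOW().
 */
static bool rpmb_total_bytes(uint32_t size_mult, uint32_t *total)
{
	if (size_mult == 0)
		return false;	/* no RPMB area reported: nothing to use */
	return !__builtin_mul_overflow(size_mult, RPMB_UNIT_BYTES, total);
}

/*
 * Hypothetical read/write path check: [off, off + len) must lie inside
 * the partition, and off + len itself must not wrap around.
 */
static bool rpmb_range_ok(uint32_t total, uint32_t off, uint32_t len)
{
	uint32_t end = 0;

	if (__builtin_add_overflow(off, len, &end))
		return false;
	return end <= total;
}

int main(void)
{
	uint32_t total = 0;
	uint32_t scratch = 0;

	/* Constructed inputs: a plausible multiplier and a hostile one. */
	bool ok = rpmb_total_bytes(128, &total);
	printf("mult 128: %s (%u bytes)\n", ok ? "ok" : "rejected", (unsigned)total);
	printf("last 256 bytes: %s\n",
	       rpmb_range_ok(total, total - 256, 256) ? "ok" : "rejected");
	printf("wrapping range: %s\n",
	       rpmb_range_ok(total, 0xFFFFFF00u, 0x200u) ? "ok" : "rejected");
	printf("mult 0x8000: %s\n",
	       rpmb_total_bytes(0x8000u, &scratch) ? "ok" : "rejected");
	return 0;
}
```

Without the add-overflow test, the wrapping range above would compute an end offset of 0x100 and pass a plain `end <= total` comparison.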