mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/crypto
History
Dan Carpenter e29fd7a685 crypto: cavium - prevent integer overflow loading firmware 
[ Upstream commit 2526d6bf27 ]

The "code_length" value comes from the firmware file.  If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself.  Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.

The "ntohl(ucode->code_length) * 2" multiplication can have an
integer overflow.

Fixes: 9e2c7d9994 ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-10-21 12:39:01 +02:00
..
allwinner crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() 2022-06-17 17:19:20 +08:00
amcc crypto: amcc - Hold the reference returned by of_find_compatible_node 2022-07-08 15:21:16 +08:00
amlogic crypto: amlogic - call finalize with bh disabled 2022-03-03 10:47:49 +12:00
axis crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
bcm crypto: bcm - Fix a whole host of kernel-doc misdemeanours 2021-03-26 20:02:35 +11:00
caam crypto: caam/qi2 - switch to netif_napi_add_tx_weight() 2022-07-15 16:43:21 +08:00
cavium crypto: cavium - prevent integer overflow loading firmware 2022-10-21 12:39:01 +02:00
ccp crypto: ccp - Release dma channels before dmaengine unrgister 2022-10-21 12:38:59 +02:00
ccree crypto: ccree - Remove a useless dma_supported() call 2022-07-29 18:29:16 +08:00
chelsio treewide: Replace open-coded flex arrays in unions 2021-10-18 12:28:53 -07:00
gemini crypto: gemini - call finalize with bh disabled 2022-03-03 10:47:49 +12:00
hisilicon crypto: hisilicon/qm - fix missing put dfx access 2022-10-21 12:38:59 +02:00
inside-secure crypto: inside-secure - Change swab to swab32 2022-10-21 12:38:59 +02:00
keembay crypto: keembay-ocs-ecc - Drop if with an always false condition 2022-07-22 16:22:03 +08:00
marvell crypto: marvell/octeontx - prevent integer overflows 2022-10-21 12:39:01 +02:00
nx crypto: nx - Hold the reference returned by of_find_compatible_node 2022-07-08 15:21:16 +08:00
qat crypto: qat - fix DMA transfer direction 2022-10-21 12:38:59 +02:00
qce crypto: qce - fix uaf on qce_skcipher_register_one 2021-11-20 15:02:08 +11:00
rockchip crypto: rockchip - ECB does not need IV 2022-02-18 16:21:10 +11:00
stm32 crypto: stm32 - fix reference leak in stm32_crc_remove 2022-03-25 16:21:05 +12:00
ux500 crypto: ux500/hash - drop unexpected word "the" 2022-06-30 15:56:57 +08:00
virtio virtio-crypto: fix memory-leak 2022-09-27 18:30:48 -04:00
vmx crypto: vmx - Fix warning on p8_ghash_alg 2022-07-08 15:21:15 +08:00
xilinx crypto: xilinx: prevent probing on non-xilinx hardware 2022-03-09 15:12:31 +12:00
Kconfig crypto: s390 - do not depend on CRYPTO_HW for SIMD implementations 2022-07-06 20:04:06 -07:00
Makefile crypto: atmel - Avoid flush_scheduled_work() usage 2022-05-06 18:16:55 +08:00
atmel-aes-regs.h
atmel-aes.c crypto: atmel-aes - Drop if with an always false condition 2022-07-15 16:43:20 +08:00
atmel-authenc.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
atmel-ecc.c crypto: atmel-ecc - Remove duplicated error reporting in .remove() 2022-06-10 16:40:16 +08:00
atmel-i2c.c crypto: atmel - Avoid flush_scheduled_work() usage 2022-05-06 18:16:55 +08:00
atmel-i2c.h crypto: atmel - Avoid flush_scheduled_work() usage 2022-05-06 18:16:55 +08:00
atmel-sha-regs.h
atmel-sha.c crypto: atmel-sha - initialize sha_dd while declaring 2022-07-15 16:43:22 +08:00
atmel-sha204a.c crypto: atmel - Avoid flush_scheduled_work() usage 2022-05-06 18:16:55 +08:00
atmel-tdes-regs.h
atmel-tdes.c crypto: atmel-tdes - initialize tdes_dd while declaring 2022-07-15 16:43:22 +08:00
exynos-rng.c
geode-aes.c crypto: geode - use DEFINE_SPINLOCK() for spinlock 2021-04-16 21:16:31 +10:00
geode-aes.h
hifn_795x.c crypto: drivers - use semicolons rather than commas to separate statements 2020-10-02 18:02:15 +10:00
img-hash.c crypto: img-hash - remove need for error return variable ret 2021-09-17 11:06:14 +08:00
ixp4xx_crypto.c ARM: ixp4xx: Drop all common code 2022-02-12 18:20:04 +01:00
mxs-dcp.c crypto: mxs-dcp - Fix scatterlist processing 2022-01-31 11:21:46 +11:00
n2_asm.S
n2_core.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
n2_core.h
omap-aes-gcm.c
omap-aes.c crypto: omap-aes - Drop if with an always false condition 2022-07-15 16:43:21 +08:00
omap-aes.h
omap-crypto.c crypto: omap - Avoid redundant copy when using truncated sg list 2021-08-21 15:44:53 +08:00
omap-crypto.h
omap-des.c crypto: omap-des - Drop if with an always false condition 2022-07-15 16:43:21 +08:00
omap-sham.c crypto: omap-sham - Drop if with an always false condition 2022-07-15 16:43:21 +08:00
padlock-aes.c
padlock-sha.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
qcom-rng.c crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ 2022-05-13 17:13:38 +08:00
s5p-sss.c crypto: s5p-sss - Drop if with an always false condition 2022-07-15 16:43:21 +08:00
sa2ul.c crypto: sa2ul - Check engine status before enabling 2022-07-15 16:43:22 +08:00
sa2ul.h crypto: sa2ul - Check engine status before enabling 2022-07-15 16:43:22 +08:00
sahara.c crypto: sahara - don't sleep when in softirq 2022-10-21 12:38:57 +02:00
talitos.c crypto: talitos - Uniform coding style with defined variable 2022-05-13 17:24:49 +08:00
talitos.h crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) 2021-01-29 15:57:58 +11:00