leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e2fb992d82
linux/drivers/char/tpm/st33zp24
History
Jeremy Boone 6d24cd186d tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus 
Discrete TPMs are often connected over slow serial buses which, on
some platforms, can have glitches causing bit flips.  In all the
driver _recv() functions, we need to use a u32 to unmarshal the
response size, otherwise a bit flip of the 31st bit would cause the
expected variable to go negative, which would then try to read a huge
amount of data.  Also sanity check that the expected amount of data is
large enough for the TPM header.

Signed-off-by: Jeremy Boone <jeremy.boone@nccgroup.trust>
Cc: stable@vger.kernel.org
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
2018-02-26 15:43:45 -08:00
..
i2c.c tpm/st33zp24: Switch to devm_acpi_dev_add_driver_gpios() 2017-06-19 02:33:22 +02:00
Kconfig tpm/st33zp24: Auto-select core module 2016-06-25 17:21:42 +03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spi.c tpm/st33zp24: Switch to devm_acpi_dev_add_driver_gpios() 2017-06-19 02:33:22 +02:00
st33zp24.c tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus 2018-02-26 15:43:45 -08:00
st33zp24.h tpm: drop 'locality' from struct tpm_vendor_specific 2016-06-25 17:26:35 +03:00