Dan Carpenter 172c8a24fc crypto: cavium - prevent integer overflow loading firmware ... [ Upstream commit 2526d6bf27 ] The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can have an integer overflow. Fixes: 9e2c7d9994 ("crypto: cavium - Add Support for Octeon-tx CPT Engine") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-10-26 12:35:28 +02:00
..
cpt	crypto: cavium - prevent integer overflow loading firmware	2022-10-26 12:35:28 +02:00
nitrox	PCI: Change the type of probe argument in reset functions	2021-08-18 17:32:42 -05:00
zip	crypto: cavium/zip - remove unused including <linux/version.h>	2021-04-16 21:16:32 +10:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00