On Sun, Sep 11, 2016 at 10:05:46PM -0600, Jason Gunthorpe wrote:
> On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> > tpm_write() does not check whether the buffer has at least enough space
> > for the header before passing it to tpm_transmit() so an overflow can
> > happen.
>
>
On Sun, Sep 11, 2016 at 10:05:46PM -0600, Jason Gunthorpe wrote:
> On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> > tpm_write() does not check whether the buffer has at least enough space
> > for the header before passing it to tpm_transmit() so an overflow can
> > happen.
>
>
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> tpm_write() does not check whether the buffer has at least enough space
> for the header before passing it to tpm_transmit() so an overflow can
> happen.
Eh?
tpm_write uses a hard wired buffer size of TPM_BUFSIZE when working
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> tpm_write() does not check whether the buffer has at least enough space
> for the header before passing it to tpm_transmit() so an overflow can
> happen.
Eh?
tpm_write uses a hard wired buffer size of TPM_BUFSIZE when working
On Sun, Sep 11, 2016 at 03:51:42PM +0300, Jarkko Sakkinen wrote:
> On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> > tpm_write() does not check whether the buffer has at least enough space
> > for the header before passing it to tpm_transmit() so an overflow can
> > happen.
> >
On Sun, Sep 11, 2016 at 03:51:42PM +0300, Jarkko Sakkinen wrote:
> On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> > tpm_write() does not check whether the buffer has at least enough space
> > for the header before passing it to tpm_transmit() so an overflow can
> > happen.
> >
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> tpm_write() does not check whether the buffer has at least enough space
> for the header before passing it to tpm_transmit() so an overflow can
> happen.
>
> Signed-off-by: Jarkko Sakkinen
This
On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote:
> tpm_write() does not check whether the buffer has at least enough space
> for the header before passing it to tpm_transmit() so an overflow can
> happen.
>
> Signed-off-by: Jarkko Sakkinen
This is usable neither as read nor
tpm_write() does not check whether the buffer has at least enough space
for the header before passing it to tpm_transmit() so an overflow can
happen.
Signed-off-by: Jarkko Sakkinen
---
drivers/char/tpm/tpm-interface.c | 3 +++
1 file changed, 3 insertions(+)
tpm_write() does not check whether the buffer has at least enough space
for the header before passing it to tpm_transmit() so an overflow can
happen.
Signed-off-by: Jarkko Sakkinen
---
drivers/char/tpm/tpm-interface.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
10 matches
Mail list logo