On Thu, Mar 23, 2017 at 04:40:29PM +0100, Vincent Stehlé wrote:
> In tpm2_map_to_phandle(), avoid the case where i equals
> ARRAY_SIZE(space->context_tbl) and we then access space->context_tbl[i].
>
> This fixes the following smatch error:
>
> drivers/char/tpm/tpm2-space.c:232 tpm2_map_to_phandle() error: buffer
> overflow 'space->context_tbl' 3 <= 3
>
> Fixes: 5f6b4fbc12c8fc97 ("tpm: infrastructure for TPM spaces")
> Signed-off-by: Vincent Stehlé <[email protected]>
> Cc: Jarkko Sakkinen <[email protected]>
> Cc: James Bottomley <[email protected]>
Hi
Thanks for doing this. I just squashed a fix by Colin Ian King. Anyway,
thank you.
/Jarkko
> ---
>
>
> Hi,
>
> I saw that in Linux next-20170323.
>
> Best regards,
>
> Vincent.
>
>
> drivers/char/tpm/tpm2-space.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index d36d81e07076..009934269514 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -229,7 +229,7 @@ static bool tpm2_map_to_phandle(struct tpm_space *space,
> void *handle)
> int i;
>
> i = 0xFFFFFF - (vhandle & 0xFFFFFF);
> - if (i > ARRAY_SIZE(space->context_tbl) || !space->context_tbl[i])
> + if (i >= ARRAY_SIZE(space->context_tbl) || !space->context_tbl[i])
> return false;
>
> phandle = space->context_tbl[i];
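Review bot: on the changed bounds check, `i` is declared `int` but is compared against ARRAY_SIZE(), which is an unsigned size, so the test relies on `i` never being negative. The mask on the line above (`0xFFFFFF - (vhandle & 0xFFFFFF)`) does keep `i` in the range 0..0xFFFFFF, so the comparison is safe as written. Declaring `i` as an unsigned type would make the check hold without depending on that arithmetic. The `>=` itself is the right operator: with `>`, an `i` equal to the array size passed the first operand and `space->context_tbl[i]` was then read one element past the end in the second operand, which is what the smatch report "3 <= 3" points at.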
> --
> 2.11.0
>
_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel