scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-15 20:37:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: Avoid integer wrap on 32-bit platforms

Browse Source 
This could wrap before the assignment:

  uint64_t = uint32_t * int;

Instead:

  uint64_t = uint32_t;
  uint64_t *= int;

BUG=chrome-os-partner:11643
TEST=none

Nothing to test or verify. If the security guys approve, it's fixed.

Change-Id: Ib7c9774998332ac1a29c4551bc039eaa999ee681
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28841
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
This commit is contained in:
Bill Richardson
2012-07-30 15:22:56 -07:00
committed by Gerrit
parent 2312ab6122
commit 463eaeb308
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
firmware/lib/cryptolib/rsa_utility.c
View File

@@ -1,4 +1,4 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -51,7 +51,9 @@ RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, uint64_t len) {
StatefulInit(&st, (void*)buf, len);
StatefulMemcpy(&st, &key->len, sizeof(key->len));
key_len = key->len * sizeof(uint32_t); /* key length in bytes. */
/* key length in bytes (avoiding possible 32-bit rollover) */
key_len = key->len;
key_len *= sizeof(uint32_t);
/* Sanity Check the key length. */
if (RSA1024NUMBYTES != key_len &&