From patchwork Tue Jul 4 13:54:19 2017
X-Patchwork-Submitter: Alexander Steffen
X-Patchwork-Id: 784027
From: Alexander Steffen
Date: Tue, 4 Jul 2017 15:54:19 +0200
Message-ID: <20170704135419.1692-2-Alexander.Steffen@infineon.com>
In-Reply-To: <20170704135419.1692-1-Alexander.Steffen@infineon.com>
References: <20170704135419.1692-1-Alexander.Steffen@infineon.com>
Subject: [tpmdd-devel] [PATCH 2/2] tpm-interface: Fix checks of buffer size
Cc: stable@vger.kernel.org

bufsiz contains the length of the buffer, whereas bufvalid contains the number of valid bytes within the buffer. Therefore, bufvalid should be used as a limit when reading from the buffer and bufsize when writing to it.

Cc: stable@vger.kernel.org
Signed-off-by: Alexander Steffen
--- drivers/char/tpm/tpm-interface.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index a452cd0..5ef8eb3 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c 
@@ -393,19 +393,16 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, unsigned long stop; bool need_locality; - if (!tpm_validate_command(chip, space, buf, bufsiz)) + if (!tpm_validate_command(chip, space, buf, bufvalid)) return -EINVAL; - if (bufsiz > TPM_BUFSIZE) - bufsiz = TPM_BUFSIZE; - count = be32_to_cpu(*((__be32 *) (buf + 2))); ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); if (count == 0) return -ENODATA; - if (count > bufsiz || count > bufvalid) { + if (count > bufvalid) { dev_err(&chip->dev, - "invalid count value %x %zx\n", count, bufsiz); + "invalid count value %x %zx\n", count, bufvalid); return -E2BIG; }
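
Review bot: The removal of `if (bufsiz > TPM_BUFSIZE) bufsiz = TPM_BUFSIZE;` near the top of tpm_transmit() is not explained in the commit message, and after this hunk nothing in the visible lines bounds bufsiz by TPM_BUFSIZE or checks that bufvalid does not exceed bufsiz. The message says bufsiz is the limit for writes, so the code that stores the response (outside this hunk) now trusts whatever bufsiz the caller passes; please either state why every caller's bufsiz is a true buffer length, or keep an explicit rejection of `bufvalid > bufsiz` next to the tpm_validate_command() call so an inconsistent pair fails with -EINVAL instead of reaching the transfer. Separately, `count` and `ordinal` are read from `buf + 2` and `buf + 6` before `count > bufvalid` is tested, which is only safe if tpm_validate_command() rejects a bufvalid shorter than those ten header bytes; since that function is not part of this hunk, a short comment at the reads saying so would help the stable backport reviewers. The format string still uses `%zx` for the second argument, so bufvalid needs to be a size_t for the new dev_err() call to be correct.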