From patchwork Mon Feb 12 22:56:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Boone X-Patchwork-Id: 872501 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="A/TbMSeN"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zgLj94nxPz9sNw for ; Tue, 13 Feb 2018 09:59:57 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 3DFE2C21F4E; Mon, 12 Feb 2018 22:59:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D2A48C21DD7; Mon, 12 Feb 2018 22:59:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2808BC21DD7; Mon, 12 Feb 2018 22:56:54 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id C13D1C21D65 for ; Mon, 12 Feb 2018 22:56:53 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id a84so1172758wmi.5 for ; Mon, 12 Feb 2018 14:56:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=FRkhF5dRVmx1fonxBJd1vtBuJA6+2klzW2eZmMhEGfA=; b=A/TbMSeNmSz8ewnvtfmgfc/UEYoFcUBKGvXiWHxwv/ZIdYqSBwE9PmxbsVy4YJiR5m ggUXUey8qG2xSTq9PI8EPZ75d85PDIg3zTxQ0WOJ8f0hv6YB86gOYYdSNBtbOsYiU9xt G6zcPEsgBL+GZ7XJMD2Gr5hlP+dOP6md/4YTOlAzQB8/rpzMCo5gRAfMfKKhqyAIznq6 UAo3vuKjWEpKfKQeild/hstR9AqefNJMsxBM0B22r9OHjskn+EgD2PZrzncbTXK91xAY mc4l6e5AnQzXA+JylCKSYZ9bymrICV3NF6e0agOMt9Odve4h1QwtblHZ1y0JTibSCFgl mzeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=FRkhF5dRVmx1fonxBJd1vtBuJA6+2klzW2eZmMhEGfA=; b=Z4mxfNnZXejzY5b8/z4Q+GZHc6tXpVLfGIr2PGkueaT7Zwq0dESMKuCcZmceIGqE+h L4LLKkRSVaFBVkyvn3djjPx+raY1PXCr9uJD/bZdQK9MpyjRERKiV/D8D1V645f7fqnp Kgz/KXkEUFlFfDXOsfjMgTqPgx2UkzoSFu163FOEeiE/VbmV+xDofyRkahrRmrS1KGpA xT/F2qlAEO1Yt9bkqptflclEOvq5zIZp5hG5irgdEVntTl9fwtE3lwCb8QCM5+/CHnOd 3oIBXQbM+awf5ChB67mE4VNAC/6ksiyh2x6fcTExOgcnuLSzFoDv3oDUUJFibPK58SH/ fhWg== X-Gm-Message-State: APf1xPAQXO/LnZX8fMI3V4i3U0UyMycPo+Mzchicg5/p1QIbQQG/bkTj EXJqeOO/+y7JC5pc/3H3DcWWOhUi X-Google-Smtp-Source: AH8x226Io3lPUZPpGEd+CXslV8mvCE5M79tiNKzozStmtsYeO/kpgMN2VUrJ8+pW5Vm5gTQcmvztYQ== X-Received: by 10.28.153.20 with SMTP id b20mr113174wme.6.1518476212990; Mon, 12 Feb 2018 14:56:52 -0800 (PST) Received: from localhost.localdomain ([195.95.131.65]) by smtp.gmail.com with ESMTPSA id m191sm6184548wma.42.2018.02.12.14.56.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 12 Feb 2018 14:56:52 -0800 (PST) From: Jeremy Boone To: u-boot@lists.denx.de Date: Mon, 12 Feb 2018 17:56:34 -0500 Message-Id: <1518476197-24517-1-git-send-email-jeremy.boone@gmail.com> X-Mailer: git-send-email 2.7.4 X-Mailman-Approved-At: Mon, 12 Feb 2018 22:59:48 +0000 Cc: Jeremy Boone Subject: [U-Boot] [PATCH 0/3] Fix potential buffer overruns in TPM driver X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Jeremy Boone The TPM response packet often contains a variable-length payload. It is the responsibility of U-Boot driver code to ensure that the length value that has been extracted from the response packet's header or body is appropriately sized before copying that data into another buffer. Jeremy Boone (3): STMicro TPM: Fix potential buffer overruns Infineon TPM: Fix potential buffer overruns Atmel TPM: Fix potential buffer overruns drivers/tpm/tpm_atmel_twi.c | 14 ++++++++++++-- drivers/tpm/tpm_tis_infineon.c | 5 +++-- drivers/tpm/tpm_tis_st33zp24_i2c.c | 5 +++-- drivers/tpm/tpm_tis_st33zp24_spi.c | 5 +++-- 4 files changed, 21 insertions(+), 8 deletions(-)