author | Neil Shipp <neilsh@microsoft.com> | 2020-10-01 17:02:36 -0700 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2020-10-07 10:17:16 +0200 |
commit | 3b354b197a4e5d23dddfc9733529c69db8cab07d (patch) | |
tree | 54fb6a96ea7db74c7364f74d95c7bb2c901311c9 /core/tee | |
parent | 919a5a68d1a485b6aff4a5057bb917b9a717ae0d (diff) |
core: Fix RPMB fat entry cache buffer overflow
Ensure that fat_entry_dir_update can only update entries less than
the current cache size and not just the maximum size limit of the cache.
Signed-off-by: Neil Shipp <neilsh@microsoft.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core/tee')
-rw-r--r-- | core/tee/tee_rpmb_fs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/tee/tee_rpmb_fs.c b/core/tee/tee_rpmb_fs.c
index cbf3f3c0..bea18f4b 100644
--- a/core/tee/tee_rpmb_fs.c
+++ b/core/tee/tee_rpmb_fs.c
@@ -1650,7 +1650,8 @@ static TEE_Result __maybe_unused fat_entry_dir_update
 sizeof(struct rpmb_fat_entry);
 
 /* Only need to write if index points to an entry in cache. */
- if (fat_entry_buf_idx < max_cache_entries) {
+ if (fat_entry_buf_idx < fat_entry_dir->num_buffered &&
+ fat_entry_buf_idx < max_cache_entries) {
 memcpy(fat_entry_dir->rpmb_fat_entry_buf + fat_entry_buf_idx,
 fat_entry, sizeof(struct rpmb_fat_entry));
 }
|
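Review bot: The comment above the new condition still only says the write is skipped for uncached indexes; it does not record why two bounds are checked, which is the security-relevant part of this fix. Going by the commit message, `num_buffered` is the number of entries the cache currently holds and `max_cache_entries` is only the configured ceiling, so the `memcpy` into `rpmb_fat_entry_buf` is in bounds only under the first test; presumably `num_buffered <= max_cache_entries` always holds, which would make the second test redundant. I would extend the comment to something like `/* The cache holds num_buffered entries (at most max_cache_entries); an index past that is not backed by the buffer. */`, and confirm that any other code indexing `rpmb_fat_entry_buf` outside this hunk is bounded by `num_buffered` as well. The body of fat_entry_dir_update starts and ends outside the hunk, so the computation of `fat_entry_buf_idx` is only partly visible here.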