From aa77b05c4666d53003679b45d691d0ad0ec94f22 Mon Sep 17 00:00:00 2001
From: Biswajit Paul <biswajitpaul@codeaurora.org>
Date: Tue, 16 Aug 2016 12:46:12 -0700
Subject: [PATCH] msm: crypto: Fix integer over flow check in qcrypto driver

Integer overflow check is invalid when ULONG_MAX is used,
as ULONG_MAX has typeof 'unsigned long', while req->assoclen,
req->crytlen, and qreq.ivsize are 'unsigned int'. Make change
to use UINT_MAX instead of ULONG_MAX.

Bug: 30515053
CRs-fixed: 1050970
Change-Id: I3782ea7ed2eaacdcad15b34e047a4699bf4f9e4f
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Signed-off-by: Biswajit Paul <biswajitpaul@codeaurora.org>
Signed-off-by: Yueyao (Nathan) Zhu <yueyao@google.com>
---
 drivers/crypto/msm/qcrypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/msm/qcrypto.c b/drivers/crypto/msm/qcrypto.c
index 7cfe1f2936ed..dc878162b35d 100644
--- a/drivers/crypto/msm/qcrypto.c
+++ b/drivers/crypto/msm/qcrypto.c
@@ -1770,12 +1770,12 @@ static int _qcrypto_process_aead(struct  crypto_engine *pengine,
 			 * include  assoicated data, ciphering data stream,
 			 * generated MAC, and CCM padding.
 			 */
-			if ((MAX_ALIGN_SIZE * 2 > ULONG_MAX - req->assoclen) ||
+			if ((MAX_ALIGN_SIZE * 2 > UINT_MAX - req->assoclen) ||
 				((MAX_ALIGN_SIZE * 2 + req->assoclen) >
-						ULONG_MAX - qreq.ivsize) ||
+						UINT_MAX - qreq.ivsize) ||
 				((MAX_ALIGN_SIZE * 2 + req->assoclen
 					+ qreq.ivsize)
-						> ULONG_MAX - req->cryptlen)) {
+						> UINT_MAX - req->cryptlen)) {
 				pr_err("Integer overflow on aead req length.\n");
 				return -EINVAL;
 			}
-- 
GitLab