public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@linuxfoundation.org>
To: Peter Huewe <peterhuewe@gmx.de>
Cc: Ashley Lai <ashley@ashleylai.com>,
	Rajiv Andrade <mail@srajiv.net>,
	Marcel Selhorst <tpmdd@selhorst.net>,
	tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH] tpm/tpm_i2c_stm_st33: Check return code of get_burstcount (fix CID: 986658)
Date: Tue, 29 Oct 2013 17:06:18 -0700
Message-ID: <20131030000618.GA5241@kroah.com>
In-Reply-To: <1383090860-15901-1-git-send-email-peterhuewe@gmx.de>

On Wed, Oct 30, 2013 at 12:54:20AM +0100, Peter Huewe wrote:
> Coverity complains about
> "Improper use of negative value
> The negative value may be unexpected by later operations, causing
> incorrect computations.
> In tpm_stm_i2c_send: Negative value can be returned from function is not
> being checked before being used improperly (CWE-394)"
> 
> The 'get_burstcount' function can in some circumstances 'return -EBUSY' which
> in tpm_stm_i2c_send is stored in an 'u32 burstcnt'
> thus converting the signed value into an unsigned value, resulting
> in 'burstcnt' being huge.
> Changing the type to u32 only does not solve the problem as the signed
> value is converted to an unsigned in I2C_WRITE_DATA, resulting in the
> same effect.
> 
> Thus
> -> Change type of burstcnt to u32 (the return type of get_burstcount)
> -> Add a check for the return value of 'get_burstcount' and propagate a
> potential error.
> 
> This also makes sense in the 'I2C_READ_DATA' case, where there is no
> signed/unsigned conversion.
> 
> CID: 986658

What is this field for?

thanks,

greg k-h
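
The conversion described in the quoted commit message, as an added user-space example that is not part of the thread or of the tpm_i2c_stm_st33 driver. The names model_get_burstcount, burst_unchecked and next_chunk_checked are hypothetical, and the model assumes a helper that returns an int carrying either a byte count or a negative errno.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a helper like get_burstcount: returns the
 * number of bytes the device accepts, or -EBUSY when it is not ready. */
static int model_get_burstcount(int device_ready)
{
    return device_ready ? 8 : -EBUSY;
}

/* Unchecked pattern: the negative errno is stored in an unsigned
 * variable, so the error turns into a huge "burst count". */
static uint32_t burst_unchecked(int device_ready)
{
    uint32_t burstcnt = model_get_burstcount(device_ready);
    return burstcnt;
}

/* Checked pattern: keep the result signed, test it, propagate the
 * error, and only then clamp the chunk to the bytes remaining. */
static int next_chunk_checked(int device_ready, size_t remaining,
                              size_t *chunk)
{
    int ret = model_get_burstcount(device_ready);

    if (ret < 0)
        return ret;
    *chunk = (size_t)ret < remaining ? (size_t)ret : remaining;
    return 0;
}

int main(void)
{
    size_t chunk = 0;
    int ret;

    printf("unchecked, busy: burstcnt=%u\n", (unsigned)burst_unchecked(0));
    ret = next_chunk_checked(0, 100, &chunk);
    printf("checked, busy:   ret=%d chunk=%zu\n", ret, chunk);
    ret = next_chunk_checked(1, 100, &chunk);
    printf("checked, ready:  ret=%d chunk=%zu\n", ret, chunk);
    return 0;
}
```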


Thread overview: 6+ messages
2013-10-29 23:54 [PATCH] tpm/tpm_i2c_stm_st33: Check return code of get_burstcount (fix CID: 986658) Peter Huewe
2013-10-30  0:06 ` Greg KH [this message]
2013-10-30  0:42   ` Peter Hüwe
2013-10-30  3:07     ` Greg KH
2013-10-30 19:38       ` Peter Hüwe
2013-11-04  3:44       ` Ben Hutchings
