TPM: Call tpm_transmit with correct size
authorPeter Huewe <huewe.external.infineon@googlemail.com>
Thu, 15 Sep 2011 17:37:43 +0000 (14:37 -0300)
committerJames Morris <jmorris@namei.org>
Thu, 22 Sep 2011 23:46:29 +0000 (09:46 +1000)
commit6b07d30aca7e52f2881b8c8c20c8a2cd28e8b3d3
tree58530bdef4c29cb4bf127942428190e9a2756b2c
parentde69113ec1896443c732e8b812e8005fb44eeeeb
TPM: Call tpm_transmit with correct size

This patch changes the call of tpm_transmit by supplying the size of the
userspace buffer instead of TPM_BUFSIZE.

This got assigned CVE-2011-1161.

[The first hunk didn't make sense given one could expect
 way less data than TPM_BUFSIZE, so added tpm_transmit boundary
 check over bufsiz instead
 The last parameter of tpm_transmit() reflects the amount
 of data expected from the device, and not the buffer size
 being supplied to it. It isn't ideal to parse it directly,
 so we just set it to the maximum the input buffer can handle
 and let the userspace API to do such job.]

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
drivers/char/tpm/tpm.c