diff options
-rw-r--r-- | src/vendorcode/google/chromeos/vboot_wrapper.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/vendorcode/google/chromeos/vboot_wrapper.c b/src/vendorcode/google/chromeos/vboot_wrapper.c index 5611451654..5aa0066944 100644 --- a/src/vendorcode/google/chromeos/vboot_wrapper.c +++ b/src/vendorcode/google/chromeos/vboot_wrapper.c @@ -225,9 +225,13 @@ VbError_t VbExTpmOpen(void) VbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, uint8_t *response, uint32_t *response_length) { - if (gcontext->tis_sendrecv(request, request_length, - response, response_length)) + size_t len = *response_length; + if (gcontext->tis_sendrecv(request, request_length, response, &len)) return VBERROR_UNKNOWN; + /* check 64->32bit overflow and (re)check response buffer overflow */ + if (len > *response_length) + return VBERROR_UNKNOWN; + *response_length = len; return VBERROR_SUCCESS; } |