On Sun, Sep 11, 2016 at 03:51:42PM +0300, Jarkko Sakkinen wrote: > On Sun, Sep 11, 2016 at 03:19:00PM +0300, Jarkko Sakkinen wrote: > > tpm_write() does not check whether the buffer has at least enough space > > for the header before passing it to tpm_transmit() so an overflow can > > happen. > > > > Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> > > This is usable neither as read nor write primitive for an exploit. Still > it makes sense to validate the input here.
Cannot add fixes line for this one as it's from pre-GIT times... /Jarkko
