Closed jbech-linaro closed 4 years ago
The size for the key to register, provided by non-secure world is never checked, hence it's possible to do an buffer overflow attack in the HOTP TA. Add a check to control that the size provided isn't greater that sizeof(K) fixes the issue.
Signed-off-by: Joakim Bech joakim.bech@linaro.org Reported-by: Ronan Loftus loftus@riscure.com
Squashed, rebased and tag(s) applied (should be) ready for merge! Thanks!
The size for the key to register, provided by non-secure world is never checked, hence it's possible to do an buffer overflow attack in the HOTP TA. Add a check to control that the size provided isn't greater that sizeof(K) fixes the issue.
Signed-off-by: Joakim Bech joakim.bech@linaro.org Reported-by: Ronan Loftus loftus@riscure.com