TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_example / a66caa47b4d952d8e00093ad5548b3209670443d
commita66caa47b4d952d8e00093ad5548b3209670443d[log] [tgz]
authorJoakim Bech <joakim.bech@linaro.org>Mon Jun 08 09:52:58 2020 +0200
committerJérôme Forissier <jerome@forissier.org>Mon Jun 08 19:17:15 2020 +0200
tree83a588af7f71bf3effd883ac27aa0e63440752d5
parentf7f5a3ad2e8601bf2f846992d0b10aae3e3e5530 [diff]
hotp: fix buffer overflow issue

The size for the key to register, provided by non-secure world is never
checked, hence it's possible to do an buffer overflow attack in the
HOTP TA. Add a check to control that the size provided isn't greater
that sizeof(K) fixes the issue.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Ronan Loftus <loftus@riscure.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
1 file changed
tree: 83a588af7f71bf3effd883ac27aa0e63440752d5
  1. acipher/
  2. aes/
  3. hello_world/
  4. hotp/
  5. random/
  6. secure_storage/
  7. .gitignore
  8. Android.mk
  9. CMakeLists.txt
  10. CMakeToolchain.txt
  11. LICENSE
  12. Makefile
  13. README.md
README.md

OP-TEE Sample Applications

This git contains source code for sample host and Trusted Application that can be used directly in the OP-TEE project.

All official OP-TEE documentation has moved to http://optee.readthedocs.io. The information that used to be here in this git can be found under optee_examples.

// OP-TEE core maintainers