@@ -393,19 +393,16 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
unsigned long stop;
bool need_locality;
- if (!tpm_validate_command(chip, space, buf, bufsiz))
+ if (!tpm_validate_command(chip, space, buf, bufvalid))
return -EINVAL;
- if (bufsiz > TPM_BUFSIZE)
- bufsiz = TPM_BUFSIZE;
-
count = be32_to_cpu(*((__be32 *) (buf + 2)));
ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
if (count == 0)
return -ENODATA;
- if (count > bufsiz || count > bufvalid) {
+ if (count > bufvalid) {
dev_err(&chip->dev,
- "invalid count value %x %zx\n", count, bufsiz);
+ "invalid count value %x %zx\n", count, bufvalid);
return -E2BIG;
}
bufsiz contains the length of the buffer, whereas bufvalid contains the number of valid bytes within the buffer. Therefore, bufvalid should be used as a limit when reading from the buffer and bufsize when writing to it. Cc: stable@vger.kernel.org Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> --- drivers/char/tpm/tpm-interface.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)