Merge branch 'stable-3.2' into pandora-3.2

[pandora-kernel.git] / drivers / char / tpm / tpm.c

diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index f7395c4..706c583 100644 (file)
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@@ -879,9 +879,10 @@ ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr,
        ssize_t err;
        int i, rc;
        char *str = buf;
-
        struct tpm_chip *chip = dev_get_drvdata(dev);
 
+       memset(&tpm_cmd, 0, sizeof(tpm_cmd));
+
        tpm_cmd.header.in = tpm_readpubek_header;
        err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE,
                        "attempting to read the PUBEK");
@@ -1113,6 +1114,12 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
                return -EFAULT;
        }
 
+       if (in_size < 6 ||
+           in_size < be32_to_cpu(*((__be32 *) (chip->data_buffer + 2)))) {
+               mutex_unlock(&chip->buffer_mutex);
+               return -EINVAL;
+       }
+
        /* atomic tpm command send and result receive */
        out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
        if (out_size < 0) {