From ec0d507ed24e513ae10f4f384e052a42cc964c56 Mon Sep 17 00:00:00 2001
From: Jakub Pawlowski <jpawlowski@google.com>
Date: Mon, 16 Mar 2020 12:09:15 +0100
Subject: [PATCH] Fix potential stack overflow caused by integer overflow

Bug: 151155194
Merged-In: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
Change-Id: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
---
 stack/crypto_toolbox/aes_cmac.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stack/crypto_toolbox/aes_cmac.cc b/stack/crypto_toolbox/aes_cmac.cc
index 8b8246e87..c90b80ce1 100644
--- a/stack/crypto_toolbox/aes_cmac.cc
+++ b/stack/crypto_toolbox/aes_cmac.cc
@@ -180,7 +180,8 @@ static void cmac_generate_subkey(const Octet16& key) {
  *  length - length of the input in byte.
  */
 Octet16 aes_cmac(const Octet16& key, const uint8_t* input, uint16_t length) {
-  uint16_t len, diff;
+  uint32_t len;
+  uint16_t diff;
   /* n is number of rounds */
   uint16_t n = (length + OCTET16_LEN - 1) / OCTET16_LEN;
 
-- 
2.11.0