| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Dec 2023 11:59:52 +0300 From: Sergey Shtylyov <s.shtylyov@....ru> To: Kees Cook <keescook@...omium.org>, Tony Luck <tony.luck@...el.com>, "Guilherme G. Piccoli" <gpiccoli@...lia.com>, <linux-hardening@...r.kernel.org> Subject: Re: [PATCH] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() On 12/2/23 11:47 PM, Kees Cook wrote: [...] >> In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return >> 64-bit value since persistent_ram_zone::buffer_size has type size_t which >> is derived from the 64-bit *unsigned long*, while the ecc_blocks variable >> this value gets assigned to has (always 32-bit) *int* type. Even if that >> value fits into *int* type, an overflow is still possible when calculating >> the size_t typed ecc_total variable further below since there's no cast to >> any 64-bit type before multiplication. Declaring the ecc_blocks variable >> as *unsigned long* should fix this mess... >> >> [...] > > I changed this from unsigned long to size_t, which will do the same thing. Not quite the same. And ecc_blocks is a block count, not a byte count, so size_t doesn't seem appropriate... > Applied to for-linus/pstore, thanks! > > [1/1] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() > https://git.kernel.org/kees/c/c92116e01d32 > > Take care, Thanks anyway. :-) MBR, Sergey
Powered by blists - more mailing lists