[PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
@ 2022-10-14 21:47 Alec Brown
  2022-10-15  9:13 ` Patrick Steinhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Alec Brown @ 2022-10-14 21:47 UTC (permalink / raw)
  To: grub-devel; +Cc: daniel.kiper, alec.r.brown, darren.kenny, development, ps

In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
variable i by (1U << log_sector_size). The variable i is of type grub_size_t
which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and
assigning it to a 64-bit variable, the 64-bit variable may have incorrect values
in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U
with (grub_size_t) 1.

Fixes: CID 307788

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---

There was a mistake in v1 of the commit message describing the issue in the
code. This version fixes the commit message so that it's accurate.

 grub-core/disk/cryptodisk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 9f5dc7acb..cdcb882ca 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
     return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
 	    : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));

-  for (i = 0; i < len; i += (1U << log_sector_size))
+  for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
     {
       grub_size_t sz = ((dev->cipher->cipher->blocksize
 			 + sizeof (grub_uint32_t) - 1)
-- 
2.27.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
  2022-10-14 21:47 [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow Alec Brown
@ 2022-10-15  9:13 ` Patrick Steinhardt
  2022-10-17 15:32   ` Daniel Kiper
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick Steinhardt @ 2022-10-15  9:13 UTC (permalink / raw)
  To: Alec Brown; +Cc: grub-devel, daniel.kiper, darren.kenny, development

[-- Attachment #1: Type: text/plain, Size: 1644 bytes --]

On Fri, Oct 14, 2022 at 05:47:08PM -0400, Alec Brown wrote:
> In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
> is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and
> assigning it to a 64-bit variable, the 64-bit variable may have incorrect values
> in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U
> with (grub_size_t) 1.
> 
> Fixes: CID 307788
> 
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>

Reviewed-by: Patrick Steinhardt <ps@pks.im>

> ---
> 
> There was a mistake in v1 of the commit message describing the issue in the
> code. This version fixes the commit message so that it's accurate.
> 
>  grub-core/disk/cryptodisk.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
>      return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
>  	    : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>  
> -  for (i = 0; i < len; i += (1U << log_sector_size))
> +  for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
>      {
>        grub_size_t sz = ((dev->cipher->cipher->blocksize
>  			 + sizeof (grub_uint32_t) - 1)
> -- 
> 2.27.0
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
  2022-10-15  9:13 ` Patrick Steinhardt
@ 2022-10-17 15:32   ` Daniel Kiper
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel Kiper @ 2022-10-17 15:32 UTC (permalink / raw)
  To: Patrick Steinhardt
  Cc: Alec Brown, grub-devel, daniel.kiper, darren.kenny, development

On Sat, Oct 15, 2022 at 11:13:09AM +0200, Patrick Steinhardt wrote:
> On Fri, Oct 14, 2022 at 05:47:08PM -0400, Alec Brown wrote:
> > In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> > variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> > which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
> > is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and
> > assigning it to a 64-bit variable, the 64-bit variable may have incorrect values
> > in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U
> > with (grub_size_t) 1.
> >
> > Fixes: CID 307788
> >
> > Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
>
> Reviewed-by: Patrick Steinhardt <ps@pks.im>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-10-17 15:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-14 21:47 [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow Alec Brown
2022-10-15  9:13 ` Patrick Steinhardt
2022-10-17 15:32   ` Daniel Kiper

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.