From: Darren Kenny <darren.kenny@oracle.com>
To: Alec Brown <alec.r.brown@oracle.com>,
"grub-devel@gnu.org" <grub-devel@gnu.org>
Cc: Daniel Kiper <daniel.kiper@oracle.com>,
Alec Brown <alec.r.brown@oracle.com>,
"development@efficientek.com" <development@efficientek.com>,
"ps@pks.im" <ps@pks.im>
Subject: Re: [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
Date: Fri, 14 Oct 2022 10:14:27 +0100 [thread overview]
Message-ID: <m2ilkmbwcs.fsf@oracle.com> (raw)
In-Reply-To: <1665695624-28755-1-git-send-email-alec.r.brown@oracle.com>
Hi Alec,
This looks good, thanks for fixing it.
On Thursday, 2022-10-13 at 22:13:44 +01, Alec Brown wrote:
> In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
> is a 32-bit unsigned integer. By performing a left shift between these two
> values of different types, there may be potential for an integer overflow. To
> avoid this, we replace 1U with (grub_size_t) 1.
>
> Fixes: CID 307788
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Thanks,
Darren.
> ---
> grub-core/disk/cryptodisk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
> return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
> : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>
> - for (i = 0; i < len; i += (1U << log_sector_size))
> + for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
> {
> grub_size_t sz = ((dev->cipher->cipher->blocksize
> + sizeof (grub_uint32_t) - 1)
> --
> 2.27.0
prev parent reply other threads:[~2022-10-14 9:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 21:13 [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow Alec Brown
2022-10-14 9:14 ` Darren Kenny [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2ilkmbwcs.fsf@oracle.com \
--to=darren.kenny@oracle.com \
--cc=alec.r.brown@oracle.com \
--cc=daniel.kiper@oracle.com \
--cc=development@efficientek.com \
--cc=grub-devel@gnu.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.