* [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
@ 2022-10-13 21:13 Alec Brown
2022-10-14 9:14 ` Darren Kenny
0 siblings, 1 reply; 2+ messages in thread
From: Alec Brown @ 2022-10-13 21:13 UTC (permalink / raw)
To: grub-devel; +Cc: daniel.kiper, alec.r.brown, darren.kenny, development, ps
In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
variable i by (1U << log_sector_size). The variable i is of type grub_size_t
which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
is a 32-bit unsigned integer. By performing a left shift between these two
values of different types, there may be potential for an integer overflow. To
avoid this, we replace 1U with (grub_size_t) 1.
Fixes: CID 307788
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/disk/cryptodisk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 9f5dc7acb..cdcb882ca 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
: grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
- for (i = 0; i < len; i += (1U << log_sector_size))
+ for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
{
grub_size_t sz = ((dev->cipher->cipher->blocksize
+ sizeof (grub_uint32_t) - 1)
--
2.27.0
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
2022-10-13 21:13 [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow Alec Brown
@ 2022-10-14 9:14 ` Darren Kenny
0 siblings, 0 replies; 2+ messages in thread
From: Darren Kenny @ 2022-10-14 9:14 UTC (permalink / raw)
To: Alec Brown, grub-devel@gnu.org
Cc: Daniel Kiper, Alec Brown, development@efficientek.com, ps@pks.im
Hi Alec,
This looks good, thanks for fixing it.
On Thursday, 2022-10-13 at 22:13:44 +01, Alec Brown wrote:
> In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
> is a 32-bit unsigned integer. By performing a left shift between these two
> values of different types, there may be potential for an integer overflow. To
> avoid this, we replace 1U with (grub_size_t) 1.
>
> Fixes: CID 307788
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Thanks,
Darren.
> ---
> grub-core/disk/cryptodisk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
> return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
> : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>
> - for (i = 0; i < len; i += (1U << log_sector_size))
> + for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
> {
> grub_size_t sz = ((dev->cipher->cipher->blocksize
> + sizeof (grub_uint32_t) - 1)
> --
> 2.27.0
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-14 9:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-13 21:13 [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow Alec Brown
2022-10-14 9:14 ` Darren Kenny
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.