From: Jarkko Sakkinen <jarkko@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/7] lib: Fix a couple of potential signed oveflows
Date: Sun, 24 Aug 2025 02:25:44 +0300 [thread overview]
Message-ID: <aKpN-NuTets9EExp@kernel.org> (raw)
In-Reply-To: <20250822142215.2475014-2-dhowells@redhat.com>
On Fri, Aug 22, 2025 at 03:22:08PM +0100, David Howells wrote:
> Fix keyctl_read_alloc() to check for a potential unsigned overflow when we
> allocate a buffer with an extra byte added on the end for a NUL.
>
> Fix keyctl_dh_compute_alloc() for the same thing.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
> keyutils.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/keyutils.c b/keyutils.c
> index 37b6cc3..fd02cda 100644
> --- a/keyutils.c
> +++ b/keyutils.c
> @@ -18,6 +18,7 @@
> #include <dlfcn.h>
> #include <sys/uio.h>
> #include <errno.h>
> +#include <limits.h>
> #include <asm/unistd.h>
> #include "keyutils.h"
>
> @@ -442,6 +443,8 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer)
> return -1;
>
> for (;;) {
> + if (ret == LONG_MAX)
> + return -EFBIG; /* Don't let buflen+1 overflow. */
> buflen = ret;
> buf = malloc(buflen + 1);
> if (!buf)
> @@ -515,6 +518,8 @@ int keyctl_dh_compute_alloc(key_serial_t priv, key_serial_t prime,
> if (ret < 0)
> return -1;
>
> + if (ret == LONG_MAX)
> + return -EFBIG; /* Don't let buflen+1 overflow. */
> buflen = ret;
> buf = malloc(buflen + 1);
> if (!buf)
>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
next prev parent reply other threads:[~2025-08-23 23:25 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 14:22 [PATCH 0/7] keyutils: Add some fixes and updates David Howells
2025-08-22 14:22 ` [PATCH 1/7] lib: Fix a couple of potential signed oveflows David Howells
2025-08-23 23:25 ` Jarkko Sakkinen [this message]
2025-08-22 14:22 ` [PATCH 2/7] request-key: Fix mishandling of last line of config file David Howells
2025-08-23 23:59 ` Jarkko Sakkinen
2025-11-19 15:53 ` David Howells
2025-08-22 14:22 ` [PATCH 3/7] test: Hide endianness David Howells
2025-08-22 14:22 ` [PATCH 4/7] tests: Add skips for testing of unsupported features David Howells
2025-08-22 14:22 ` [PATCH 5/7] request-key: Add help text David Howells
2025-08-24 0:03 ` Jarkko Sakkinen
2025-08-22 14:22 ` [PATCH 6/7] request-key: Add a simpler debug test David Howells
2025-08-24 0:04 ` Jarkko Sakkinen
2025-08-22 14:22 ` [PATCH 7/7] request-key: Support the promised multiwildcard matching David Howells
2025-08-24 0:05 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKpN-NuTets9EExp@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox