| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2012 09:55:23 -0800 (PST) From: Sage Weil <sage@...dream.net> To: Xi Wang <xi.wang@...il.com> cc: ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] libceph: fix overflow check in crush_decode() Applied these both, thanks! sage On Thu, 16 Feb 2012, Xi Wang wrote: > The existing overflow check (n > ULONG_MAX / b) didn't work, because > n = ULONG_MAX / b would both bypass the check and still overflow the > allocation size a + n * b. > > The correct check should be (n > (ULONG_MAX - a) / b). > > Signed-off-by: Xi Wang <xi.wang@...il.com> > --- > net/ceph/osdmap.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c > index fd863fe..29ad46e 100644 > --- a/net/ceph/osdmap.c > +++ b/net/ceph/osdmap.c > @@ -283,7 +283,8 @@ static struct crush_map *crush_decode(void *pbyval, void *end) > ceph_decode_32_safe(p, end, yes, bad); > #if BITS_PER_LONG == 32 > err = -EINVAL; > - if (yes > ULONG_MAX / sizeof(struct crush_rule_step)) > + if (yes > (ULONG_MAX - sizeof(*r)) > + / sizeof(struct crush_rule_step)) > goto bad; > #endif > r = c->rules[i] = kmalloc(sizeof(*r) + > -- > 1.7.5.4 > > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists