lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 21 Dec 2017 22:54:18 +0100
From:   Vasyl Gomonovych <gomonovych@...il.com>
To:     serge@...lyn.com
Cc:     Vasyl Gomonovych <gomonovych@...il.com>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
        James Morris <james.l.morris@...cle.com>,
        linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v2] ima: Fix warn potential negative subtraction from max

Found by smatch:
security/integrity/ima/ima_queue.c:122 ima_add_digest_entry() warn:
potential negative subtraction from max '(~0)- size'

Signed-off-by: Vasyl Gomonovych <gomonovych@...il.com>
---
This minor change remove smatch warning but 
I don't think that before change it was vulnerable, 
motivation for this patch was smatch report.

Changelog:
 - v2: change get_binary_runtime_size return type

 security/integrity/ima/ima_queue.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index a02a86d51102..3d5f981b8453 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -74,9 +74,9 @@ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
  * binary_runtime_measurement list entry, which contains a
  * couple of variable length fields (e.g template name and data).
  */
-static int get_binary_runtime_size(struct ima_template_entry *entry)
+static unsigned int get_binary_runtime_size(struct ima_template_entry *entry)
 {
-	int size = 0;
+	unsigned int size = 0;
 
 	size += sizeof(u32);	/* pcr */
 	size += sizeof(entry->digest);
@@ -116,7 +116,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry,
 	}
 
 	if (binary_runtime_size != ULONG_MAX) {
-		int size;
+		unsigned int size;
 
 		size = get_binary_runtime_size(entry);
 		binary_runtime_size = (binary_runtime_size < ULONG_MAX - size) ?
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ