lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <170155004188.180877.9632245955503394490.b4-ty@chromium.org> Date: Sat, 2 Dec 2023 12:47:23 -0800 From: Kees Cook <keescook@...omium.org> To: Tony Luck <tony.luck@...el.com>, "Guilherme G. Piccoli" <gpiccoli@...lia.com>, linux-hardening@...r.kernel.org, Sergey Shtylyov <s.shtylyov@....ru> Cc: Kees Cook <keescook@...omium.org> Subject: Re: [PATCH] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() On Sun, 05 Nov 2023 23:29:36 +0300, Sergey Shtylyov wrote: > In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return > 64-bit value since persistent_ram_zone::buffer_size has type size_t which > is derived from the 64-bit *unsigned long*, while the ecc_blocks variable > this value gets assigned to has (always 32-bit) *int* type. Even if that > value fits into *int* type, an overflow is still possible when calculating > the size_t typed ecc_total variable further below since there's no cast to > any 64-bit type before multiplication. Declaring the ecc_blocks variable > as *unsigned long* should fix this mess... > > [...] I changed this from unsigned long to size_t, which will do the same thing. Applied to for-linus/pstore, thanks! [1/1] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() https://git.kernel.org/kees/c/c92116e01d32 Take care, -- Kees Cook
Powered by blists - more mailing lists