lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1387352171-3811-1-git-send-email-xiaoqixue_1@163.com>
Date:	Wed, 18 Dec 2013 15:36:11 +0800
From:	xqx12 <s2exqx@...il.com>
To:	giometti@...eenne.com, linux-kernel@...r.kernel.org
Cc:	chyyuu@...il.com, xuyongjiande@...il.com,
	xqx12 <xiaoqixue_1@....com>
Subject: [PATCH] a multiplication overflow in drivers/pps/pps.c

there is an overflow in the following code :

ticks = fdata.timeout.sec * HZ;

while ticks is a signed 64-bit, but the result of fdata.timeout.sec *
HZ will be converted be 32-bit first. So ticks will be a wrong value
after multiplication overflow.

Reported-by: Qixue Xiao <xiaoqixue_1@....com>
Suggested-by: Yongjian Xu <xuyongjiande@...il.com>
Suggested-by: Yu Chen <chyyuu@...il.com>
Signed-off-by: Qixue Xiao <xiaoqixue_1@....com>
---
 drivers/pps/pps.c |    2 +-
 gentags.sh        |    4 +++
 memory_leak.txt   |   88 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100755 gentags.sh
 create mode 100644 memory_leak.txt

diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c
index 2f07cd6..44ddd22 100644
--- a/drivers/pps/pps.c
+++ b/drivers/pps/pps.c
@@ -164,7 +164,7 @@ static long pps_cdev_ioctl(struct file *file,
 			dev_dbg(pps->dev, "timeout %lld.%09d\n",
 					(long long) fdata.timeout.sec,
 					fdata.timeout.nsec);
-			ticks = fdata.timeout.sec * HZ;
+			ticks = (s64)(fdata.timeout.sec) * HZ;
 			ticks += fdata.timeout.nsec / (NSEC_PER_SEC / HZ);
 
 			if (ticks != 0) {
-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ