lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <c1b6b4cc-bc94-8ed6-0098-de9e5321722a@canonical.com>
Date:   Fri, 20 Dec 2019 23:49:02 +0000
From:   Colin Ian King <colin.king@...onical.com>
To:     Jose Abreu <joabreu@...opsys.com>,
        "David S. Miller" <davem@...emloft.net>,
        Giuseppe Cavallaro <peppe.cavallaro@...com>,
        Alexandre Torgue <alexandre.torgue@...com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        netdev@...r.kernel.org,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: net: stmmac: Add basic EST support for GMAC5+

Hi,

Static analysis with Coverity has detected a potential issue with the
following commit:

commit 504723af0d85434be5fb6f2dde0b62644a7f1ead
Author: Jose Abreu <joabreu@...opsys.com>
Date:   Wed Dec 18 11:33:05 2019 +0100

    net: stmmac: Add basic EST support for GMAC5+


In function dwmac5_est_configure() we have a u64 total_ctr being
assigned as follows:

	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000;

The cfg->ctr[1] is a u32, the multiplication of cfg->ctr[1] is a u32
multiplication operation, so multiplying by 1000000000 can potentially
cause an overflow.  Either cfg->ctr[1] needs to be cast to a u64 or
1000000000 should be at least a 1000000000UL to avoid this overflow. I
was going to fix this but on further inspection I was not sure if the
original code was intended as:

	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000UL;
or:
	total_ctr = (cfg->ctr[0] + cfg->ctr[1]) * 1000000000UL;

..hence I'm flagging this up as potential error.

Colin




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ