| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Sep 2021 16:06:41 +0800
From: Bixuan Cui <cuibixuan@...wei.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
CC: bpf <bpf@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
john fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>
Subject: Re: [PATCH -next] bpf: Add oversize check before call kvcalloc()
On 2021/9/9 12:57, Andrii Nakryiko wrote:
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index 047ac4b4703b..2a3955359156 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -9912,6 +9912,8 @@ static int check_btf_line(struct bpf_verifier_env *env,
>> nr_linfo = attr->line_info_cnt;
>> if (!nr_linfo)
>> return 0;
>> + if (nr_linfo * sizeof(struct bpf_line_info) > INT_MAX)
>> + return -EINVAL;
> I might be missing something, but on 64-bit architecture this can't
> overflow (because u32 is multiplied by fixed small sizeof()). And on
> 32-bit architecture if it overflows you won't catch it... So did you
> mean to do:
>
> if (nr_lifo > INT_MAX / sizeof(struct bpf_line_info))
> return -EINVAL;
>
> ?
On 64-bit architecture, the value of INT_MAX may be equal to the 32-bit.
I get the same question: https://stackoverflow.com/questions/9257065/int-max-in-32-bit-vs-64-bit-environment
And 'if (nr_lifo > INT_MAX / sizeof(struct bpf_line_info))' is correct on 32-bit architecture ;)
Thanks,
Bixuan Cui
>
Powered by blists - more mailing lists