lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YoUzFm9kL13oQi0K@sol.localdomain>
Date:   Wed, 18 May 2022 10:55:34 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Zhang Jianhua <chris.zjh@...wei.com>
Cc:     tytso@....edu, linux-fscrypt@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] fs-verity: Use struct_size() helper in
 enable_verity()

On Wed, May 18, 2022 at 02:13:09PM +0800, Zhang Jianhua wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows
> that, in the worst scenario, could lead to heap overflows.
> 
> Also, address the following sparse warnings:
> fs/verity/enable.c:205:28: warning: using sizeof on a flexible structure
> 
> Signed-off-by: Zhang Jianhua <chris.zjh@...wei.com>
> ---
>  fs/verity/enable.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/verity/enable.c b/fs/verity/enable.c
> index f75d2c010f36..075dc0aa5416 100644
> --- a/fs/verity/enable.c
> +++ b/fs/verity/enable.c
> @@ -201,7 +201,7 @@ static int enable_verity(struct file *filp,
>  	const struct fsverity_operations *vops = inode->i_sb->s_vop;
>  	struct merkle_tree_params params = { };
>  	struct fsverity_descriptor *desc;
> -	size_t desc_size = sizeof(*desc) + arg->sig_size;
> +	size_t desc_size = struct_size(desc, signature, arg->sig_size);
>  	struct fsverity_info *vi;
>  	int err;

This patch is a bit more useful than the other one, as the validation of
->sig_size happens in a different function.  But it still happens.  So please
don't claim that this patch is fixing a heap overflow.  People use commit
messages to determine whether patches are fixing something, and how important
the fix is.  So if it's a cleanup (not a bug fix), write that.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ