Message-ID: <79582844-3178-451c-822e-a692bfd27e9c@moroto.mountain>
Date:   Mon, 10 Jul 2023 12:56:30 +0300
From:   Dan Carpenter <dan.carpenter@...aro.org>
To:     Linke Li <lilinke99@...mail.com>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jan Kara <jack@...e.cz>, Linke Li <lilinke99@...il.com>
Subject: Re: [PATCH] isofs: fix undefined behavior in iso_date()

It looks like maybe there is an issue with "year" as well.

fs/isofs/util.c
    19  int iso_date(u8 *p, int flag)
    20  {
    21          int year, month, day, hour, minute, second, tz;
    22          int crtime;
    23
    24          year = p[0];
                       ^^^^^
year is 0-255.

    25          month = p[1];
    26          day = p[2];
    27          hour = p[3];
    28          minute = p[4];
    29          second = p[5];
    30          if (flag == 0) tz = p[6]; /* High sierra has no time zone */
    31          else tz = 0;
    32          
    33          if (year < 0) {
                    ^^^^^^^^
But this checks year for < 0 which is impossible.  Should it be:

	year = (signed char)p[0];?

    34                  crtime = 0;
    35          } else {
    36                  crtime = mktime64(year+1900, month, day, hour, minute, second);
    37
    38                  /* sign extend */
    39                  if (tz & 0x80)
    40                          tz |= (-1 << 8);
    41                  
    42                  /*

regards,
dan carpenter
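
Added example, not part of the original message or of the kernel source: a user-space C sketch of the two points visible in the listing above, the year byte read unsigned versus through the (signed char) cast, and the zone byte sign-extended without the listing's `-1 << 8`, which left-shifts a negative value (undefined in ISO C). The function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Year as the listing reads it: a u8 widened to int, range 0..255. */
static int year_unsigned(const uint8_t *p)
{
	return p[0];
}

/* Year through the cast the mail asks about: range -128..127.
 * Converting an out-of-range value to signed char is implementation-defined,
 * not undefined; GCC and Clang wrap modulo 256. */
static int year_signed(const uint8_t *p)
{
	return (signed char)p[0];
}

/* Count how many of the 256 possible year bytes satisfy "year < 0". */
static int count_negative_years(int (*read_year)(const uint8_t *))
{
	int b, n = 0;

	for (b = 0; b < 256; b++) {
		uint8_t rec[7] = { (uint8_t)b, 1, 1, 0, 0, 0, 0 }; /* constructed record */
		if (read_year(rec) < 0)
			n++;
	}
	return n;
}

/* Sign-extend the 8-bit zone byte with plain arithmetic, no shift of -1. */
static int tz_sign_extend(uint8_t raw)
{
	int tz = raw;

	if (tz & 0x80)
		tz -= 0x100;
	return tz;
}

int main(void)
{
	printf("year < 0 reachable, unsigned read: %d of 256 bytes\n",
	       count_negative_years(year_unsigned));
	printf("year < 0 reachable, signed read:   %d of 256 bytes\n",
	       count_negative_years(year_signed));
	printf("tz byte 0xF4 -> %d\n", tz_sign_extend(0xF4));
	return 0;
}
```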
