lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20231123100627.20739-1-abelova@astralinux.ru>
Date:   Thu, 23 Nov 2023 13:06:27 +0300
From:   Anastasia Belova <abelova@...ralinux.ru>
To:     Anders Larsen <al@...rsen.net>
Cc:     Anastasia Belova <abelova@...ralinux.ru>,
        linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: [PATCH] qnx4: add upcasting to avoid overflow

To avoid possible integer overflow in qnx4_statfs
cast literal to unsigned long. Otherwise multiplication
of two u32 may give a value that is outside of the range.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Anastasia Belova <abelova@...ralinux.ru>
---
 fs/qnx4/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
index 6eb9bb369b57..4be8dba60567 100644
--- a/fs/qnx4/inode.c
+++ b/fs/qnx4/inode.c
@@ -133,7 +133,7 @@ static int qnx4_statfs(struct dentry *dentry, struct kstatfs *buf)
 
 	buf->f_type    = sb->s_magic;
 	buf->f_bsize   = sb->s_blocksize;
-	buf->f_blocks  = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8;
+	buf->f_blocks  = le32_to_cpu(qnx4_sb(sb)->BitMap->di_size) * 8ul;
 	buf->f_bfree   = qnx4_count_free_blocks(sb);
 	buf->f_bavail  = buf->f_bfree;
 	buf->f_namelen = QNX4_NAME_MAX;
-- 
2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ