lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bd627279346a8eb8096371c899325ccfc6fd07d7.camel@yandex.ru>
Date: Thu, 05 Feb 2026 12:17:16 +0300
From: Dmitry Antipov <dmantipov@...dex.ru>
To: Andy Shevchenko <andriy.shevchenko@...el.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>, 
 "Darrick J . Wong"
	 <djwong@...nel.org>, linux-hardening@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 2/5] lib: fix memparse() to handle overflow

On Wed, 2026-02-04 at 16:42 +0200, Andy Shevchenko wrote:

> On Wed, Feb 04, 2026 at 04:57:14PM +0300, Dmitry Antipov wrote:
> > Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now
> > capable to handle overflow, adjust 'memparse()' to handle overflow
> > (denoted by ULLONG_MAX) returned from 'simple_strtoull()'. Also
> > use 'check_shl_overflow()' to catch an overflow possibly caused
> > by processing size suffix and denote it with ULLONG_MAX as well.
> 
> Do we have already test cases to cover this?

In

static const struct cmdline_test_memparse_entry testdata[] = {
        ...
        { "1111111111111111111T",       "",     ULLONG_MAX },
        ...
};

the whole string is valid and so should be recognized by memparse(). Next,
1111111111111111111 fits unsigned long long but 1111111111111111111 << 40
is too large and should be catched by check_shl_overflow().

Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ