lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180131052948.GA16419@embeddedgus>
Date:   Tue, 30 Jan 2018 23:29:48 -0600
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Ilya Dryomov <idryomov@...il.com>, "Yan, Zheng" <zyan@...hat.com>,
        Sage Weil <sage@...hat.com>,
        "David S. Miller" <davem@...emloft.net>
Cc:     ceph-devel@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: [PATCH] libceph: use 64-bit arithmetic instead of 32-bit

Cast objsetno to u64 in order to give the compiler complete
information about the proper arithmetic to use. Notice
that this variable is used in a context that expects an
expression of type u64 (64 bits, unsigned).

The expression objsetno * sc + stripepos is currently
being evaluated using 32-bit arithmetic.

In general, the use of incorrect arithmetic has security
implications.

Addresses-Coverity-ID: 200686
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
 net/ceph/osdmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 0da27c6..58dc965 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -2183,7 +2183,7 @@ int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
 	stripepos = bl % sc;
 	objsetno = stripeno / su_per_object;
 
-	*ono = objsetno * sc + stripepos;
+	*ono = (u64)objsetno * sc + stripepos;
 	dout("objset %u * sc %u = ono %u\n", objsetno, sc, (unsigned int)*ono);
 
 	/* *oxoff = *off % layout->fl_stripe_unit;  # offset in su */
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ