lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 26 Dec 2019 17:14:20 +0000
From:   Jose Abreu <Jose.Abreu@...opsys.com>
To:     Colin Ian King <colin.king@...onical.com>,
        "David S. Miller" <davem@...emloft.net>,
        Giuseppe Cavallaro <peppe.cavallaro@...com>,
        Alexandre Torgue <alexandre.torgue@...com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: net: stmmac: Add basic EST support for GMAC5+

From: Colin Ian King <colin.king@...onical.com>
Date: Dec/20/2019, 23:49:02 (UTC+00:00)

> Hi,
> 
> Static analysis with Coverity has detected a potential issue with the
> following commit:
> 
> commit 504723af0d85434be5fb6f2dde0b62644a7f1ead
> Author: Jose Abreu <joabreu@...opsys.com>
> Date:   Wed Dec 18 11:33:05 2019 +0100
> 
>     net: stmmac: Add basic EST support for GMAC5+
> 
> 
> In function dwmac5_est_configure() we have a u64 total_ctr being
> assigned as follows:
> 
> 	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000;
> 
> The cfg->ctr[1] is a u32, the multiplication of cfg->ctr[1] is a u32
> multiplication operation, so multiplying by 1000000000 can potentially
> cause an overflow.  Either cfg->ctr[1] needs to be cast to a u64 or
> 1000000000 should be at least a 1000000000UL to avoid this overflow. I
> was going to fix this but on further inspection I was not sure if the
> original code was intended as:
> 
> 	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000UL;
> or:
> 	total_ctr = (cfg->ctr[0] + cfg->ctr[1]) * 1000000000UL;
> 
> ..hence I'm flagging this up as potential error.

Thanks for the report. The first option is the correct one as ctr[1] is 
seconds and ctr[0] is nanoseconds. Can you send a fix-up patch ?

---
Thanks,
Jose Miguel Abreu

Powered by blists - more mailing lists