lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Dec 2019 17:14:20 +0000 From: Jose Abreu <Jose.Abreu@...opsys.com> To: Colin Ian King <colin.king@...onical.com>, "David S. Miller" <davem@...emloft.net>, Giuseppe Cavallaro <peppe.cavallaro@...com>, Alexandre Torgue <alexandre.torgue@...com>, Maxime Coquelin <mcoquelin.stm32@...il.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: net: stmmac: Add basic EST support for GMAC5+ From: Colin Ian King <colin.king@...onical.com> Date: Dec/20/2019, 23:49:02 (UTC+00:00) > Hi, > > Static analysis with Coverity has detected a potential issue with the > following commit: > > commit 504723af0d85434be5fb6f2dde0b62644a7f1ead > Author: Jose Abreu <joabreu@...opsys.com> > Date: Wed Dec 18 11:33:05 2019 +0100 > > net: stmmac: Add basic EST support for GMAC5+ > > > In function dwmac5_est_configure() we have a u64 total_ctr being > assigned as follows: > > total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000; > > The cfg->ctr[1] is a u32, the multiplication of cfg->ctr[1] is a u32 > multiplication operation, so multiplying by 1000000000 can potentially > cause an overflow. Either cfg->ctr[1] needs to be cast to a u64 or > 1000000000 should be at least a 1000000000UL to avoid this overflow. I > was going to fix this but on further inspection I was not sure if the > original code was intended as: > > total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000UL; > or: > total_ctr = (cfg->ctr[0] + cfg->ctr[1]) * 1000000000UL; > > ..hence I'm flagging this up as potential error. Thanks for the report. The first option is the correct one as ctr[1] is seconds and ctr[0] is nanoseconds. Can you send a fix-up patch ? --- Thanks, Jose Miguel Abreu
Powered by blists - more mailing lists