lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 30 Jun 2020 17:43:50 +0300
From:   Tariq Toukan <tariqt@...lanox.com>
To:     Colin King <colin.king@...onical.com>,
        Boris Pismenny <borisp@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "David S . Miller" <davem@...emloft.net>,
        Saeed Mahameed <saeedm@...lanox.com>, netdev@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] net/tls: fix sign extension issue when left
 shifting u16 value



On 6/30/2020 5:27 PM, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> Left shifting the u16 value promotes it to a int and then it
> gets sign extended to a u64.  If len << 16 is greater than 0x7fffffff
> then the upper bits get set to 1 because of the implicit sign extension.
> Fix this by casting len to u64 before shifting it.
> 
> Addresses-Coverity: ("integer handling issues")
> Fixes: ed9b7646b06a ("net/tls: Add asynchronous resync")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>   include/net/tls.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/net/tls.h b/include/net/tls.h
> index c875c0a445a6..e5dac7e74e79 100644
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -637,7 +637,7 @@ tls_offload_rx_resync_async_request_start(struct sock *sk, __be32 seq, u16 len)
>   	struct tls_offload_context_rx *rx_ctx = tls_offload_ctx_rx(tls_ctx);
>   
>   	atomic64_set(&rx_ctx->resync_async->req, ((u64)ntohl(seq) << 32) |
> -		     (len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
> +		     ((u64)len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
>   	rx_ctx->resync_async->loglen = 0;
>   }
>   
> 

Reviewed-by: Tariq Toukan <tariqt@...lanox.com>
Thanks!

Powered by blists - more mailing lists