[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
|
From: |
Alec Brown |
|
Subject: |
[PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow |
|
Date: |
Thu, 13 Oct 2022 17:13:44 -0400 |
In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
variable i by (1U << log_sector_size). The variable i is of type grub_size_t
which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U
is a 32-bit unsigned integer. By performing a left shift between these two
values of different types, there may be potential for an integer overflow. To
avoid this, we replace 1U with (grub_size_t) 1.
Fixes: CID 307788
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/disk/cryptodisk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 9f5dc7acb..cdcb882ca 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
: grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
- for (i = 0; i < len; i += (1U << log_sector_size))
+ for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
{
grub_size_t sz = ((dev->cipher->cipher->blocksize
+ sizeof (grub_uint32_t) - 1)
--
2.27.0
- [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow,
Alec Brown <=