grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overf

From: Darren Kenny
Subject: Re: [PATCH] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow
Date: Fri, 14 Oct 2022 10:14:27 +0100 
Hi Alec,

This looks good, thanks for fixing it.

On Thursday, 2022-10-13 at 22:13:44 +01, Alec Brown wrote:
> In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 
> 1U
> is a 32-bit unsigned integer. By performing a left shift between these two
> values of different types, there may be potential for an integer overflow. To
> avoid this, we replace 1U with (grub_size_t) 1.
>
> Fixes: CID 307788
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

Thanks,

Darren.

> ---
>  grub-core/disk/cryptodisk.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
>      return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, 
> len)
>           : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>  
> -  for (i = 0; i < len; i += (1U << log_sector_size))
> +  for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
>      {
>        grub_size_t sz = ((dev->cipher->cipher->blocksize
>                        + sizeof (grub_uint32_t) - 1)
> -- 
> 2.27.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]