[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer ov
From: |
Patrick Steinhardt |
Subject: |
Re: [PATCH v2] grub-core/disk/cryptodisk.c: Fix unintentional integer overflow |
Date: |
Sat, 15 Oct 2022 11:13:09 +0200 |
On Fri, Oct 14, 2022 at 05:47:08PM -0400, Alec Brown wrote:
> In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the
> variable i by (1U << log_sector_size). The variable i is of type grub_size_t
> which is a 64-bit unsigned integer on x86_64 architecture. On the other hand,
> 1U
> is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and
> assigning it to a 64-bit variable, the 64-bit variable may have incorrect
> values
> in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U
> with (grub_size_t) 1.
>
> Fixes: CID 307788
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
> ---
>
> There was a mistake in v1 of the commit message describing the issue in the
> code. This version fixes the commit message so that it's accurate.
>
> grub-core/disk/cryptodisk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
> return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data,
> len)
> : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>
> - for (i = 0; i < len; i += (1U << log_sector_size))
> + for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
> {
> grub_size_t sz = ((dev->cipher->cipher->blocksize
> + sizeof (grub_uint32_t) - 1)
> --
> 2.27.0
>
signature.asc
Description: PGP signature