Re: [PATCH] dm-integrity: check mac_size against HASH_MAX_DIGESTSIZE in sb_mac()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 10, 2024 at 10:52:59AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> sb_mac() verifies that the superblock + MAC don't exceed 512 bytes.
> Because the superblock is currently 64 bytes, this really verifies
> mac_size <= 448.  This confuses smatch into thinking that mac_size may
> be as large as 448, which is inconsistent with the later code that
> assumes the MAC fits in a buffer of size HASH_MAX_DIGESTSIZE (64).
> 
> In fact mac_size <= HASH_MAX_DIGESTSIZE is guaranteed by the crypto API,
> as that is the whole point of HASH_MAX_DIGESTSIZE.  But, let's be
> defensive and explicitly check for this.  This suppresses the false
> positive smatch warning.  It does not fix an actual bug.
> 
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Closes: https://lore.kernel.org/r/202409061401.44rtN1bh-lkp@xxxxxxxxx/
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---

This works.  Another option would be to just delete the SECTOR_SIZE check, but
this is obviously more conservative.  ;)

regards,
dan carpenter






[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux