Re: [PATCH] crypto: marvell/octeontx - prevent integer overflows

On Thu, Sep 08, 2022 at 05:34:42PM +0800, Herbert Xu wrote:
> On Thu, Sep 01, 2022 at 06:32:09PM +0300, Dan Carpenter wrote:
> >
> > @@ -303,7 +304,13 @@ static int process_tar_file(struct device *dev,
> >  	if (get_ucode_type(ucode_hdr, &ucode_type))
> >  		return 0;
> >  
> > -	ucode_size = ntohl(ucode_hdr->code_length) * 2;
> > +	code_length = ntohl(ucode_hdr->code_length);
> > +	if (code_length >= INT_MAX / 2) {
> > +		dev_err(dev, "Invalid code_length %u\n", code_length);
> > +		return -EINVAL;
> > +	}
> > +
> > +	ucode_size = code_length * 2;
> >  	if (!ucode_size || (size < round_up(ucode_size, 16) +
> >  	    sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN)) {
> >  		dev_err(dev, "Ucode %s invalid size\n", filename);
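
Review bot: The new bound `code_length >= INT_MAX / 2` only protects the multiplication on the `ucode_size = code_length * 2` line; the comparison that follows still adds to that value. A code_length just under the limit leaves ucode_size within a few bytes of INT_MAX, so `round_up(ucode_size, 16) + sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN` can exceed INT_MAX. Whether that wraps depends on the declared types of ucode_size and size, which are not visible in this hunk. Consider a tighter limit that leaves headroom for the rounding and the two added lengths, or validate code_length against size before doubling it. The commit message should also state which of the two expressions the INT_MAX check is meant to cover.
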
> 
> How come you didn't add a "ucode_size > size" check like you did
> below?
> 

I'm really sorry.  This was not my best work at all.  The ucode_size
was a mistake.  It should have just been the check against INT_MAX.

regards,
dan carpenter


