qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH 5/6] luks: Catch integer overflow for huge sizes


From: Eric Blake
Subject: Re: [Qemu-block] [PATCH 5/6] luks: Catch integer overflow for huge sizes
Date: Fri, 9 Mar 2018 14:21:22 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 03/09/2018 11:27 AM, Kevin Wolf wrote:
When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.

Signed-off-by: Kevin Wolf <address@hidden>
---
  block/crypto.c | 5 +++++
  1 file changed, 5 insertions(+)

diff --git a/block/crypto.c b/block/crypto.c
index 4908d8627f..1b46519c53 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
  {
      struct BlockCryptoCreateData *data = opaque;
+ if (headerlen > UINT64_MAX - data->size) {

INT64_MAX, please. We are further bounded by having to fit within off_t (signed) rather than uint64_t.

+        error_setg(errp, "The requested file size is too large");
+        return -EFBIG;
+    }
+
      /* User provided size should reflect amount of space made
       * available to the guest, so we must take account of that
       * which will be used by the crypto header


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



reply via email to

[Prev in Thread] Current Thread [Next in Thread]