|
| From: | Eric Blake |
| Subject: | Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes |
| Date: | Fri, 9 Mar 2018 14:21:22 -0600 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
On 03/09/2018 11:27 AM, Kevin Wolf wrote:
When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/crypto.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/block/crypto.c b/block/crypto.c
index 4908d8627f..1b46519c53 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
{
struct BlockCryptoCreateData *data = opaque;
+ if (headerlen > UINT64_MAX - data->size) {
INT64_MAX, please. We are further bounded by having to fit within off_t (signed) rather than uint64_t.
+ error_setg(errp, "The requested file size is too large");
+ return -EFBIG;
+ }
+
/* User provided size should reflect amount of space made
* available to the guest, so we must take account of that
* which will be used by the crypto header
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
| [Prev in Thread] | Current Thread | [Next in Thread] |