Message ID | 20180309172713.26318-6-kwolf@redhat.com |
---|---|
State | New |
Series | luks: Implement .bdrv_co_create |
On 03/09/2018 11:27 AM, Kevin Wolf wrote: > When you request an image size close to UINT64_MAX, the addition of the > crypto header may cause an integer overflow. Catch it instead of > silently truncating the image size. > > Signed-off-by: Kevin Wolf <kwolf@redhat.com> > --- > block/crypto.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/block/crypto.c b/block/crypto.c > index 4908d8627f..1b46519c53 100644 > --- a/block/crypto.c > +++ b/block/crypto.c > @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, > { > struct BlockCryptoCreateData *data = opaque; > > + if (headerlen > UINT64_MAX - data->size) { INT64_MAX, please. We are further bounded by having to fit within off_t (signed) rather than uint64_t. > + error_setg(errp, "The requested file size is too large"); > + return -EFBIG; > + } > + > /* User provided size should reflect amount of space made > * available to the guest, so we must take account of that > * which will be used by the crypto header >
On Fri, Mar 09, 2018 at 06:27:12PM +0100, Kevin Wolf wrote: > When you request an image size close to UINT64_MAX, the addition of the > crypto header may cause an integer overflow. Catch it instead of > silently truncating the image size. > > Signed-off-by: Kevin Wolf <kwolf@redhat.com> > --- > block/crypto.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/block/crypto.c b/block/crypto.c > index 4908d8627f..1b46519c53 100644 > --- a/block/crypto.c > +++ b/block/crypto.c > @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, > { > struct BlockCryptoCreateData *data = opaque; > > + if (headerlen > UINT64_MAX - data->size) { > + error_setg(errp, "The requested file size is too large"); > + return -EFBIG; > + } > + > /* User provided size should reflect amount of space made > * available to the guest, so we must take account of that > * which will be used by the crypto header Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (if using INT64_MAX as Eric suggests) Regards, Daniel
diff --git a/block/crypto.c b/block/crypto.c index 4908d8627f..1b46519c53 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, { struct BlockCryptoCreateData *data = opaque; + if (headerlen > UINT64_MAX - data->size) { + error_setg(errp, "The requested file size is too large"); + return -EFBIG; + } + /* User provided size should reflect amount of space made * available to the guest, so we must take account of that * which will be used by the crypto header
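Review bot: the added bound `headerlen > UINT64_MAX - data->size` only catches wrap-around of the unsigned sum, so a total between INT64_MAX and UINT64_MAX still passes even though, as Eric's reply on this page points out, the size has to fit in a signed off_t. Suggest comparing against INT64_MAX instead. If data->size is an unsigned 64-bit value (its declaration is not in this hunk), `INT64_MAX - data->size` would itself wrap once data->size exceeds INT64_MAX, so reject that case first, for example `if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {`. A one-line comment above the check naming the limit it enforces would also help the next reader.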
When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/crypto.c | 5 +++++
 1 file changed, 5 insertions(+)