Hi Ahmad,
Just answering to what I don't immediately apply for v2:
On 2025-10-22 12:00, Ahmad Fatoum wrote:
+/*
+ * Retrieve length of header+TLVs (offset of spki hash part of signature if
available)
+ */
+
+static inline size_t tlv_spki_hash_offset(const struct tlv_header *header)
+{
+ size_t ret = size_add(sizeof(struct tlv_header),
get_unaligned_be32(&header->length_tlv));
return ret; /* SIZE_MAX on overflow */
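Review bot: The comment block above tlv_spki_hash_offset() does not mention that the result saturates to SIZE_MAX when size_add() overflows, nor what the caller must have validated beforehand; only the inline comment on the return line hints at it. A SIZE_MAX used unchecked as an offset would point far past any buffer, so consider stating in the header comment that the value is only meaningful once the total length has been checked for overflow. As a style point, the blank line between the comment and the function and the temporary `ret` could both be dropped.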
Shouldn't you then check for SIZE_MAX at callsites?
I chose not to implement this check in all places using those
size/offset helpers.
In "[PATCH 01/15] common: clean up TLV code", I check early in the TLV
handling that tlv_total_len() doesn't overflow. Later on, it is
guaranteed that calls to tlv_total_len(), tlv_spki_hash_offset() and
such cannot overflow.
If I were to check at callsites of tlv_spki_hash_offset() I'd need to
check at all callsites of all TLV size/offset helpers, which seemed
unnecessary.
What do you think?
Regards,
Jonas
--
Pengutronix e.K. | Jonas Rebmann |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |
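
The validate-once pattern discussed in the message above, as an added example that is not code from the patch series: a single early check on the total length bounds every smaller offset the saturating helpers can return. The `demo_` names, the three-field header layout and the `length_sig` field are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout for this demo only; the real struct tlv_header is not shown. */
struct demo_tlv_header {
	uint8_t magic[4];
	uint8_t length_tlv[4];	/* big-endian length of the TLV area */
	uint8_t length_sig[4];	/* big-endian length of the signature area */
};

static uint32_t demo_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Saturating add with the contract the hunk relies on: SIZE_MAX on overflow. */
static size_t demo_size_add(size_t a, size_t b)
{
	return a > SIZE_MAX - b ? SIZE_MAX : a + b;
}

/* header + TLVs; never larger than demo_total_len() for the same header */
static size_t demo_spki_hash_offset(const struct demo_tlv_header *h)
{
	return demo_size_add(sizeof(*h), demo_be32(h->length_tlv));
}

static size_t demo_total_len(const struct demo_tlv_header *h)
{
	return demo_size_add(demo_spki_hash_offset(h), demo_be32(h->length_sig));
}

/* Single early gate: 0 if every later helper result is in bounds, else -1. */
static int demo_validate(const void *buf, size_t bufsize)
{
	const struct demo_tlv_header *h = buf;
	size_t total;

	if (bufsize < sizeof(*h))
		return -1;
	total = demo_total_len(h);
	/* A saturated sum is rejected explicitly, then the real bound is applied. */
	if (total == SIZE_MAX || total > bufsize)
		return -1;
	return 0;
}
```

Because the saturating add is monotonic, passing `demo_validate()` implies `demo_spki_hash_offset()` is also below `bufsize`; the guarantee holds only for callers that cannot reach the helpers without going through the gate first.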