Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes

2018-03-12 Thread Daniel P . Berrangé
On Fri, Mar 09, 2018 at 06:27:12PM +0100, Kevin Wolf wrote:
> When you request an image size close to UINT64_MAX, the addition of the
> crypto header may cause an integer overflow. Catch it instead of
> silently truncating the image size.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/crypto.c | 5 +
>  1 file changed, 5 insertions(+)
> 
> diff --git a/block/crypto.c b/block/crypto.c
> index 4908d8627f..1b46519c53 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock 
> *block,
>  {
>  struct BlockCryptoCreateData *data = opaque;
>  
> +if (headerlen > UINT64_MAX - data->size) {
> +error_setg(errp, "The requested file size is too large");
> +return -EFBIG;
> +}
> +
>  /* User provided size should reflect amount of space made
>   * available to the guest, so we must take account of that
>   * which will be used by the crypto header
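Review bot: In the added `if`, changing the bound to INT64_MAX needs a second condition, not just a different constant. If data->size is an unsigned 64-bit value (its declaration is not visible in this hunk), `INT64_MAX - data->size` wraps for any size above INT64_MAX, the comparison passes, and the oversized request is accepted again. Testing `data->size > INT64_MAX` first, in the same condition, closes that gap.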

Reviewed-by: Daniel P. Berrangé 

(if using INT64_MAX as Eric suggests)

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes

2018-03-09 Thread Eric Blake

On 03/09/2018 11:27 AM, Kevin Wolf wrote:

When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.

Signed-off-by: Kevin Wolf 
---
  block/crypto.c | 5 +
  1 file changed, 5 insertions(+)

diff --git a/block/crypto.c b/block/crypto.c
index 4908d8627f..1b46519c53 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
  {
  struct BlockCryptoCreateData *data = opaque;
  
+if (headerlen > UINT64_MAX - data->size) {


INT64_MAX, please.  We are further bounded by having to fit within off_t 
(signed) rather than uint64_t.



+error_setg(errp, "The requested file size is too large");
+return -EFBIG;
+}
+
  /* User provided size should reflect amount of space made
   * available to the guest, so we must take account of that
   * which will be used by the crypto header
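Review bot: The error_setg() string in the new branch reports only that the requested file size is too large, although the quantity that fails the check is data->size plus headerlen. A user who asked for a size just under the limit gets no hint that the crypto header pushed the total over it. Consider naming the header overhead in the message, or reporting the largest size that would be accepted.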



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
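An added example, not QEMU code and not part of the patch: three ways to bound the size-plus-header sum, run on constructed sizes, showing that replacing UINT64_MAX with INT64_MAX is only safe when the size itself is range-checked first. The function names, the `uint64_t`/`size_t` types and the 4096-byte header length are assumptions.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed types: uint64_t for the requested size, size_t for the header
 * length. The page does not show the real declarations. */

/* Bound used in the posted hunk: stops only unsigned 64-bit wraparound. */
static bool total_u64(uint64_t size, size_t hdr, uint64_t *total)
{
    if (hdr > UINT64_MAX - size) return false;
    *total = size + hdr;
    return true;
}

/* Literal UINT64_MAX -> INT64_MAX swap. The subtraction is still unsigned,
 * so it wraps for size > INT64_MAX and the check passes by accident. */
static bool total_naive_i64(uint64_t size, size_t hdr, uint64_t *total)
{
    if (hdr > (uint64_t)INT64_MAX - size) return false;
    *total = size + hdr;   /* may wrap: the silent truncation is back */
    return true;
}

/* Signed-offset bound with the operand checked before subtracting. */
static bool total_off(uint64_t size, size_t hdr, uint64_t *total)
{
    const uint64_t limit = INT64_MAX;
    if (size > limit || hdr > limit - size) return false;
    *total = size + hdr;
    return true;
}

int main(void)
{
    /* Constructed inputs; 4096 is a placeholder header length. */
    const uint64_t sizes[] = { 1ULL << 30, (uint64_t)INT64_MAX - 100,
                               UINT64_MAX - 10 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint64_t t = 0;
        bool a = total_u64(sizes[i], 4096, &t);
        bool b = total_naive_i64(sizes[i], 4096, &t);
        bool c = total_off(sizes[i], 4096, &t);
        printf("size=%" PRIu64 " posted=%d naive=%d checked=%d\n", sizes[i], a, b, c);
    }
    return 0;
}
```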



[Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes

2018-03-09 Thread Kevin Wolf
When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.

Signed-off-by: Kevin Wolf 
---
 block/crypto.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/block/crypto.c b/block/crypto.c
index 4908d8627f..1b46519c53 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
 {
 struct BlockCryptoCreateData *data = opaque;
 
+if (headerlen > UINT64_MAX - data->size) {
+error_setg(errp, "The requested file size is too large");
+return -EFBIG;
+}
+
 /* User provided size should reflect amount of space made
  * available to the guest, so we must take account of that
  * which will be used by the crypto header
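Review bot: The new check in block_crypto_init_func() bounds the sum by UINT64_MAX, which rules out only wraparound of the unsigned addition. A total between INT64_MAX and UINT64_MAX still passes, and that value cannot be represented in a signed 64-bit file offset. Since the branch already returns -EFBIG, bounding by the largest file offset would match what the error code means.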
-- 
2.13.6