Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes
On Fri, Mar 09, 2018 at 06:27:12PM +0100, Kevin Wolf wrote: > When you request an image size close to UINT64_MAX, the addition of the > crypto header may cause an integer overflow. Catch it instead of > silently truncating the image size. > > Signed-off-by: Kevin Wolf> --- > block/crypto.c | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/block/crypto.c b/block/crypto.c > index 4908d8627f..1b46519c53 100644 > --- a/block/crypto.c > +++ b/block/crypto.c > @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock > *block, > { > struct BlockCryptoCreateData *data = opaque; > > +if (headerlen > UINT64_MAX - data->size) { > +error_setg(errp, "The requested file size is too large"); > +return -EFBIG; > +} > + > /* User provided size should reflect amount of space made > * available to the guest, so we must take account of that > * which will be used by the crypto header Reviewed-by: Daniel P. Berrangé (if using INT64_MAX as Eric suggests) Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes
On 03/09/2018 11:27 AM, Kevin Wolf wrote: When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size. Signed-off-by: Kevin Wolf--- block/crypto.c | 5 + 1 file changed, 5 insertions(+) diff --git a/block/crypto.c b/block/crypto.c index 4908d8627f..1b46519c53 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, { struct BlockCryptoCreateData *data = opaque; +if (headerlen > UINT64_MAX - data->size) { INT64_MAX, please. We are further bounded by having to fit within off_t (signed) rather than uint64_t. +error_setg(errp, "The requested file size is too large"); +return -EFBIG; +} + /* User provided size should reflect amount of space made * available to the guest, so we must take account of that * which will be used by the crypto header -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
[Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes
When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size. Signed-off-by: Kevin Wolf--- block/crypto.c | 5 + 1 file changed, 5 insertions(+) diff --git a/block/crypto.c b/block/crypto.c index 4908d8627f..1b46519c53 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block, { struct BlockCryptoCreateData *data = opaque; +if (headerlen > UINT64_MAX - data->size) { +error_setg(errp, "The requested file size is too large"); +return -EFBIG; +} + /* User provided size should reflect amount of space made * available to the guest, so we must take account of that * which will be used by the crypto header -- 2.13.6