1. Patchew
  2. QEMU
  3. [Qemu-devel] [PULL 00/41] Block layer patches
  4. View patch

[Qemu-devel] [PULL 26/41] luks: Catch integer overflow for huge sizes

Kevin Wolf posted 41 patches 7 years, 1 month ago
There is a newer version of this series
[Qemu-devel] [PULL 26/41] luks: Catch integer overflow for huge sizes
Posted by Kevin Wolf 7 years, 1 month ago 
When you request an image size close to UINT64_MAX, the addition of the
crypto header may cause an integer overflow. Catch it instead of
silently truncating the image size.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 block/crypto.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/block/crypto.c b/block/crypto.c
index 00fb40c631..e0b8856f74 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
 {
     struct BlockCryptoCreateData *data = opaque;
 
+    if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
+        error_setg(errp, "The requested file size is too large");
+        return -EFBIG;
+    }
+
     /* User provided size should reflect amount of space made
      * available to the guest, so we must take account of that
      * which will be used by the crypto header
-- 
2.13.6

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.