Re: [PATCH 1/2] Revert "UBIFS: Fix potential integer overflow in allocation"

From: Kees Cook
Date: Mon Jul 02 2018 - 17:44:28 EST

On Mon, Jul 2, 2018 at 2:41 PM, Richard Weinberger <richard@xxxxxx> wrote:
> Am Montag, 2. Juli 2018, 20:27:00 CEST schrieb Kees Cook:
>> > Let's queue another patch for the next merge window which converts
>> > kmalloc() -> kmalloc_array().
>> I'd prefer to leave it as-is for 4.18 because it would be the only
>> unconverted kmalloc()-with-multiplication in the entire tree. We did
>> treewide conversions and a revert would be undoing that here. (The
>> scripts that check for this case would run "clean" for 4.18.)
>> So, this gets back to the question of the int vs u32: if you just
>> didn't revert this patch, then the kmalloc_array() would stand too.
>> Easy! :)
> I can queue the kmalloc_array() conversion on top of the revert.
> But TBH, using kmalloc_array() here is just ridiculous, we allocate
> dn->size times 2 where dn->size is at most 4k.

Right, I don't think this spot still suddenly become vulnerable again,
but it'll generate the same machine code (since one arg is a constant
value), and then static checkers never have to flag on it again. :)



Kees Cook
Pixel Security