[PATCH 1/2] SUNRPC: prevent integer overflow in XDR_QUADLEN()

From: Dan Carpenter
Date: Thu May 09 2024 - 06:48:27 EST

Next message: Krzysztof Kozlowski: "[PATCH] ARM: dts: ti: align panel timings node name with dtschema"
Previous message: Krzysztof Kozlowski: "[PATCH] ARM: dts: vt8500: align panel timings node name with dtschema"
In reply to: Dan Carpenter: "[PATCH 0/2] NFSD: prevent integer overflows"
Next in thread: kernel test robot: "Re: [PATCH 1/2] SUNRPC: prevent integer overflow in XDR_QUADLEN()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The "l + 3" addition can have integer overflow on 32 bit systems
when it is used in __xdr_inline_decode(). The overflowed value
would be zero and the check "nwords > xdr->nwords" would not work
as intended.

Fixes: ba8e452a4fe6 ("SUNRPC: Add a helper function xdr_inline_peek")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
include/linux/sunrpc/xdr.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index 2f8dc47f1eb0..585059f2afca 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -14,6 +14,7 @@
#include <linux/uio.h>
#include <asm/byteorder.h>
#include <asm/unaligned.h>
+#include <linux/overflow.h>
#include <linux/scatterlist.h>

struct bio_vec;
@@ -29,7 +30,7 @@ struct rpc_rqst;
/*
* Buffer adjustment
*/
-#define XDR_QUADLEN(l) (((l) + 3) >> 2)
+#define XDR_QUADLEN(l) (size_add(l, 3) >> 2)

/*
* Generic opaque `network object.'
--
2.43.0

Next message: Krzysztof Kozlowski: "[PATCH] ARM: dts: ti: align panel timings node name with dtschema"
Previous message: Krzysztof Kozlowski: "[PATCH] ARM: dts: vt8500: align panel timings node name with dtschema"
In reply to: Dan Carpenter: "[PATCH 0/2] NFSD: prevent integer overflows"
Next in thread: kernel test robot: "Re: [PATCH 1/2] SUNRPC: prevent integer overflow in XDR_QUADLEN()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]