Re: [PATCH 2/2] NFSD: harden svcxdr_dupstr() and svcxdr_tmpalloc() against integer overflows

[Dan Carpenter]

On Thu, May 09, 2024 at 09:19:48AM -0400, Chuck Lever wrote:
> On Thu, May 09, 2024 at 01:48:28PM +0300, Dan Carpenter wrote:
> > These lengths come from xdr_stream_decode_u32() and so we should be a
> > bit careful with them.  Use size_add() and struct_size() to avoid
> > integer overflows.  Saving size_add()/struct_size() results to a u32 is
> > unsafe because it truncates away the high bits.
> > 
> > Also generally storing sizes in longs is safer.  Most systems these days
> > use 64 bit CPUs.  It's harder for an addition to overflow 64 bits than
> > it is to overflow 32 bits.  Also functions like vmalloc() can
> > successfully allocate UINT_MAX bytes, but nothing can allocate ULONG_MAX
> > bytes.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > I think my patch 1 fixes any real issues.  It's hard to assign a Fixes
> > tag to this.
> 
> I agree that this is a defensive change only. As it is late in the
> cycle and this doesn't seem urgent, I would prefer to queue this
> change for v6.11.
> 

Sounds good.  I would imagine that eventually it will make its way back
to the stable kernels but it's not a rush.

regards,
dan carpenter