Re: [PATCH 2/2] NFSD: harden svcxdr_dupstr() and svcxdr_tmpalloc() against integer overflows

From: Dan Carpenter
Date: Thu May 09 2024 - 09:26:44 EST


On Thu, May 09, 2024 at 09:19:48AM -0400, Chuck Lever wrote:
> On Thu, May 09, 2024 at 01:48:28PM +0300, Dan Carpenter wrote:
> > These lengths come from xdr_stream_decode_u32() and so we should be a
> > bit careful with them. Use size_add() and struct_size() to avoid
> > integer overflows. Saving size_add()/struct_size() results to a u32 is
> > unsafe because it truncates away the high bits.
> >
> > Also generally storing sizes in longs is safer. Most systems these days
> > use 64 bit CPUs. It's harder for an addition to overflow 64 bits than
> > it is to overflow 32 bits. Also functions like vmalloc() can
> > successfully allocate UINT_MAX bytes, but nothing can allocate ULONG_MAX
> > bytes.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > I think my patch 1 fixes any real issues. It's hard to assign a Fixes
> > tag to this.
>
> I agree that this is a defensive change only. As it is late in the
> cycle and this doesn't seem urgent, I would prefer to queue this
> change for v6.11.
>

Sounds good. I would imagine that eventually it will make its way back
to the stable kernels but it's not a rush.

regards,
dan carpenter