On Fri, Oct 14, 2022 at 05:47:08PM -0400, Alec Brown wrote: > In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the > variable i by (1U << log_sector_size). The variable i is of type grub_size_t > which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, > 1U > is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and > assigning it to a 64-bit variable, the 64-bit variable may have incorrect > values > in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U > with (grub_size_t) 1. > > Fixes: CID 307788 > > Signed-off-by: Alec Brown <alec.r.br...@oracle.com>
Reviewed-by: Patrick Steinhardt <p...@pks.im>
> ---
>
> There was a mistake in v1 of the commit message describing the issue in the
> code. This version fixes the commit message so that it's accurate.
>
> grub-core/disk/cryptodisk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 9f5dc7acb..cdcb882ca 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -239,7 +239,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
> return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data,
> len)
> : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
>
> - for (i = 0; i < len; i += (1U << log_sector_size))
> + for (i = 0; i < len; i += ((grub_size_t) 1 << log_sector_size))
> {
> grub_size_t sz = ((dev->cipher->cipher->blocksize
> + sizeof (grub_uint32_t) - 1)
> --
> 2.27.0
>
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
