[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v3 5/7] xz: validate the value before assigning it to an enum variable

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 3 Mar 2022 11:06:31 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rp6zR0202WWrjoyuiwHgeOxRqJmRNX0SFCkPJp8UDMs=; b=UQkA7AkkHXvHbJd9bl9ftagDzlQ6qVK7IjRoUS16KzuCuSTtXhEHpvJmDim8zMjUK/Mfr6oFtpd2dIS/dm+T/6vcgQI1Mx+088/HlMolFZgb5rSol6AaN3pfvdB00tuT6fpHiFs9hx1nEDTyDJxZvM4VFK60NTP1h6aURFfjYXMjYTTacHKEwoU4dnhGsHbhBl8bP3QvM7XQXkHLqmO8hkyfUAWKby32nj89BgkFNegdJVStjcFoEnz3rx0sjaCTTJii7JEVry5BgTWGG75uSz/tM4+GsN5ALqRLkNmHMDarOP32dgX9aT24MsJBrqExKsMagoMzlwJCtIN15Ch0lw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bcbsGsINUwnjpexYhsB6kfOFZPzKjy/psg6sGui8MTOkVx/7Gggvc4/M3EJgjt+QbiiqVHUp7GGnTxJLVkEbw4+ilZDoG0mzn4ioj30T1HuePOixBBtkfgkGsQ+CekAar90cFKoLxe0pwlgg6loza1vMb9LFTKuSzlhDH3ljubjEfFuLR4sf46CSF/UU49kIfFyd40j+Jzl80/u69ktcrGYnPfsuMWmLj/XSx4qdlr4d02/YtkaleK6MsnN7nMgrRBh+KKM/SYDIm0a/0RnOQv8wWTaTbrgY4sxA2Lgcnj3qVEH5KsuKthMT0QEEC4CVIdvmF2Qi4lTh+/S2qSt/Ug==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 03 Mar 2022 10:06:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

This might matter, for example, if the underlying type of enum xz_check
was a signed char. In such a case the validation wouldn't have caught an
unsupported header. I don't know if this problem can occur in the kernel
on any arch but it's still good to fix it because some people might copy
the XZ code to their own projects from Linux instead of the upstream
XZ Embedded repository.

This change may increase the code size by a few bytes. An alternative
would have been to use an unsigned int instead of enum xz_check but
using an enumeration looks cleaner.

Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@xxxxxxxxxx
Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>
[Linux commit: 4f8d7abaa413c34da9d751289849dbfb7c977d05]
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
---
v2: Retain one more S-o-b.

--- a/xen/common/xz/dec_stream.c
+++ b/xen/common/xz/dec_stream.c
@@ -402,12 +402,12 @@ static enum xz_ret __init dec_stream_hea
         * we will accept other check types too, but then the check won't
         * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
         */
+       if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+               return XZ_OPTIONS_ERROR;
+
        s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
 
 #ifdef XZ_DEC_ANY_CHECK
-       if (s->check_type > XZ_CHECK_MAX)
-               return XZ_OPTIONS_ERROR;
-
        if (s->check_type > XZ_CHECK_CRC32)
                return XZ_UNSUPPORTED_CHECK;
 #else

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.