From: Gao Xiang
To: linux-erofs@lists.ozlabs.org, LKML
Cc: Lasse Collin, Chao Yu, Andrew Morton, Greg KH, Linus Torvalds, Gao Xiang
Subject: [PATCH 2/7] lib/xz: Validate the value before assigning it to an enum variable
Date: Mon, 11 Oct 2021 05:31:40 +0800
Message-Id: <20211010213145.17462-3-xiang@kernel.org>
In-Reply-To: <20211010213145.17462-1-xiang@kernel.org>

From: Lasse Collin

This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository.

This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner.

Signed-off-by: Lasse Collin
Signed-off-by: Gao Xiang
--- lib/xz/xz_dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/xz/xz_dec_stream.c b/lib/xz/xz_dec_stream.c index fea86deaaa01..683570b93a8c 100644 --- a/lib/xz/xz_dec_stream.c +++ b/lib/xz/xz_dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- 2.20.1
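Review bot: the added `> XZ_CHECK_MAX` test on `s->temp.buf[HEADER_MAGIC_SIZE + 1]` in dec_stream_header() carries no comment saying why the comparison must be made on the raw header byte before the assignment to `s->check_type`. The ordering is the whole fix, and without a note a later cleanup could fold the check back onto the enum variable, which is the form the commit message says can miss an unsupported header when the enum's underlying type is signed. A one-line comment above the new `if` would cover it. Separately, the range check used to sit under `#ifdef XZ_DEC_ANY_CHECK` and now runs before it, so it applies to both build configurations; the commit message does not mention that change in scope, and a sentence stating it is intended would help anyone bisecting a newly returned XZ_OPTIONS_ERROR. As a style point, the index expression `s->temp.buf[HEADER_MAGIC_SIZE + 1]` now appears twice on adjacent lines; reading it once into a local of the buffer's element type would keep the validated value and the assigned value visibly the same.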