Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp988370lqp; Fri, 22 Mar 2024 02:02:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXs+AYZpTNrA0JVb7ASq0gtxJArzYYnL0zwScvqnQ385IKY5tT5/Fu+DshL+0vZAwIdfWbzrk3jUg+emCyw/OtDKfOEKe4tUw8y/Xz8Yg== X-Google-Smtp-Source: AGHT+IFcrL7AZeX+zorTA5gMNHf33BMFhs3qKkMRnpPpdFYkoU6WsFm8nOZHhQyodH6kM+vEWqDa X-Received: by 2002:a05:6808:179a:b0:3c3:76f3:e37 with SMTP id bg26-20020a056808179a00b003c376f30e37mr1683564oib.21.1711098143074; Fri, 22 Mar 2024 02:02:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711098143; cv=pass; d=google.com; s=arc-20160816; b=Ns3TjNUTQHurrhFZovoMcvqspPiUVUcohE/5pTf/BAFY4hwIurmIHtmAwELMYsasCT NfZ3MFYuCT9Ny/usJ9jZRKnr8cmZuOMliN6TfNh2w+2SQkbLt0in+fUhPXekZtnnDcJT F/9TfPQbpv4twoxWsNL+IP3uVBKSEPoGhUX3T8SafHvrVL7RW1QiJIZzsrL2yVS/gBcG RplWCQ69bjGoCyGV0+NZAp6UTQSU0AuJS73UgqiTvM4uqf1+cz96NwMjLyS2aTiGj7tf E593roOPw/PDj2SmUjPX32IXW1d0r7XGKwoKCOgPikwApx/uwtF4q8UDRgmGGWIwXlDO UBTw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=l/pUD0+na6P2YR2IKaSCGb3sBJhjDVgoYModSEBbFpw=; fh=DnfdenfM7PC89f0y4mcRBHdOa6V5ZM2eoSrl1s0Dtvw=; b=Mx7uGtZP5G0YH3AHyCTpgpOAjx3jzremJn63kPTxpQLtuiFoJE+mf3vcpB28xE+3dH 4knWBvESLDDyzV37tZE4EKbpXvnE51VjdS+XLM7K7jj1LpbAY5TfARqcIyE7z/517IIM bNKQaDl3KZWIZXtnBcm+TGeQXhPXlSHkbrgXDsBB/9NhXEcyv26Gnt72/cGKHJdZwy8d ZOj2W18CUbHywcGReCnC2p6CsEqVlLldfLP1wA5eiFqgqbYIl58xLJotbV/3b+jdp8w9 aaEVDM+xDezHIgJjqRQgtfvzz86u6sJLaV15yfSKSPEORUkv0gF5xwMu5VrsKdPktStc 7F+g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=omp.ru); spf=pass (google.com: domain of linux-kernel+bounces-111176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111176-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id e18-20020ac85dd2000000b00430b6a92bc9si1545308qtx.775.2024.03.22.02.02.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 02:02:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-111176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=omp.ru); spf=pass (google.com: domain of linux-kernel+bounces-111176-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111176-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C65A51C2236B for ; Fri, 22 Mar 2024 09:02:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 20A7B1B7F1; Fri, 22 Mar 2024 09:02:17 +0000 (UTC) Received: from mx01.omp.ru (mx01.omp.ru [90.154.21.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20B041B267 for ; Fri, 22 Mar 2024 09:02:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.154.21.10 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711098136; cv=none; b=hl7bEbtuTRqnkYX4Gf9RpEYx/sHwzN5udUd1EJ/8ZS50kjx96gyCe13jvzJaNOGeg+cP0zGEyv8jZ/pnrK3efiRfRVKeLTGe6vtNVl9CtIv2GPhwYkNvo5LadTgJ8ZCPforI8C6HuhFKkxWghVub92CBZItQrgHS2rhgnWHW3nU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711098136; c=relaxed/simple; bh=R0hfuKh1a36ZLHJsB/SZwOd7UoiwUuK8ECg7FM6l7Tk=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=dPgGddxleHeRypLQ9VHUfxQgG78W6vt3RwlqmLk5CIoMMv52ms9LkzveMZ95supInxfT1ABPjHAIy3PlpfolXNdxvdxwckln8RWW/eBs+IRVsSeh9AIWcYpV1Csuk1vaS+MmFWsPiO2eBe+DoGitHJ79aGF987S4QX9/Bm20NUM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=omp.ru; spf=pass smtp.mailfrom=omp.ru; arc=none smtp.client-ip=90.154.21.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=omp.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=omp.ru Received: from localhost.localdomain (78.37.41.5) by msexch01.omp.ru (10.188.4.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Fri, 22 Mar 2024 12:02:05 +0300 From: Roman Smirnov To: Jan Kara , CC: Roman Smirnov , Sergey Shtylyov , Karina Yankevich , Subject: [PATCH] udf: udftime: prevent overflow in udf_disk_stamp_to_time() Date: Fri, 22 Mar 2024 12:01:45 +0300 Message-ID: <20240322090145.11175-1-r.smirnov@omp.ru> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: msexch01.omp.ru (10.188.4.12) To msexch01.omp.ru (10.188.4.12) X-KSE-ServerInfo: msexch01.omp.ru, 9 X-KSE-AntiSpam-Interceptor-Info: scan successful X-KSE-AntiSpam-Version: 6.1.0, Database issued on: 03/22/2024 08:41:56 X-KSE-AntiSpam-Status: KAS_STATUS_NOT_DETECTED X-KSE-AntiSpam-Method: none X-KSE-AntiSpam-Rate: 0 X-KSE-AntiSpam-Info: Lua profiles 184344 [Mar 22 2024] X-KSE-AntiSpam-Info: Version: 6.1.0.4 X-KSE-AntiSpam-Info: Envelope from: r.smirnov@omp.ru X-KSE-AntiSpam-Info: LuaCore: 11 0.3.11 5ecf9895443a5066245fcb91e8430edf92b1b594 X-KSE-AntiSpam-Info: {rep_avail} X-KSE-AntiSpam-Info: {Tracking_from_domain_doesnt_match_to} X-KSE-AntiSpam-Info: d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;omp.ru:7.1.1;127.0.0.199:7.1.2 X-KSE-AntiSpam-Info: ApMailHostAddress: 78.37.41.5 X-KSE-AntiSpam-Info: Rate: 0 X-KSE-AntiSpam-Info: Status: not_detected X-KSE-AntiSpam-Info: Method: none X-KSE-AntiSpam-Info: Auth:dmarc=temperror header.from=omp.ru;spf=temperror smtp.mailfrom=omp.ru;dkim=none X-KSE-Antiphishing-Info: Clean X-KSE-Antiphishing-ScanningType: Heuristic X-KSE-Antiphishing-Method: None X-KSE-Antiphishing-Bases: 03/22/2024 08:45:00 X-KSE-Antivirus-Interceptor-Info: scan successful X-KSE-Antivirus-Info: Clean, bases: 3/22/2024 6:00:00 AM X-KSE-Attachment-Filter-Triggered-Rules: Clean X-KSE-Attachment-Filter-Triggered-Filters: Clean X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit An overflow can occur in a situation where src.centiseconds takes the value of 255. This situation is unlikely, but there is no validation check anywere in the code. It is necessary to convert the type of expression to 64-bit. Found by Linux Verification Center (linuxtesting.org) with Svace. Suggested-by: Sergey Shtylyov Signed-off-by: Roman Smirnov Reviewed-by: Sergey Shtylyov --- fs/udf/udftime.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/udf/udftime.c b/fs/udf/udftime.c index 758163af39c2..2824b90c8288 100644 --- a/fs/udf/udftime.c +++ b/fs/udf/udftime.c @@ -33,6 +33,7 @@ udf_disk_stamp_to_time(struct timespec64 *dest, struct timestamp src) u16 year = le16_to_cpu(src.year); uint8_t type = typeAndTimezone >> 12; int16_t offset; + int64_t nsec; if (type == 1) { offset = typeAndTimezone << 4; @@ -46,13 +47,13 @@ udf_disk_stamp_to_time(struct timespec64 *dest, struct timestamp src) dest->tv_sec = mktime64(year, src.month, src.day, src.hour, src.minute, src.second); dest->tv_sec -= offset * 60; - dest->tv_nsec = 1000 * (src.centiseconds * 10000 + + nsec = 1000LL * (src.centiseconds * 10000 + src.hundredsOfMicroseconds * 100 + src.microseconds); /* * Sanitize nanosecond field since reportedly some filesystems are * recorded with bogus sub-second values. */ - dest->tv_nsec %= NSEC_PER_SEC; + dest->tv_nsec = do_div(nsec, NSEC_PER_SEC); } void -- 2.34.1