Received: by 2002:ab2:6991:0:b0:1f2:fff1:ace7 with SMTP id v17csp89875lqo; Wed, 27 Mar 2024 07:43:31 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX8fPXoEM0tqrElMgS7IZNTmH2Wh+OEcVsWHpxzuV3S8Gb49mbV1Qbz2tPttwpe6C58kYz3K1ZO3dks8vcD/N/lRLYLviES6DOGjMKXdQ== X-Google-Smtp-Source: AGHT+IGjM8h4P9xYV0N4ueDqZ42JUJwuWeiZmwyUjYQAF39V0WOnWFbjNoiBTf3U5VJh21kKaSLv X-Received: by 2002:a17:906:8415:b0:a46:22a3:479f with SMTP id n21-20020a170906841500b00a4622a3479fmr1256972ejx.21.1711550610865; Wed, 27 Mar 2024 07:43:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711550610; cv=pass; d=google.com; s=arc-20160816; b=SMMsloORD913NSV7qoB8d9kKJF0beY2TTw8UPM9H+gyQiiedDDuq9AeOPTPINXEv56 g7348gv394UhSBbTq7dStnLq0XYyaU3HZM40vcqR8sL28b748s/7DWAaJEZHQ/hoHAs8 A8NZknMiW1uwb0j7cawDL6MEHYxU2XHORW/SlnNXAeEho4GACHHnLeIQvmYdwoVyA1XV o7oC3jqTg0pqfFtZK6erzUV/0ITAWQMVUI46uhcsOPkpgZFMU7gHgReDTO4AuTDzVp8F b/V3OzCl2j3KyIzrs0kDZ7BRxmWgjE10N/b6Wv6VXg0uDEjnHyBhG4vA1JIb2aMQY7S1 wl8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=SdATriobSlpQLlfdMM/NuUGa/qRUG+Pf7zdKmjU1Dx8=; fh=jkRarjw6ULvTuNk7Aj0YfXbTc0oQ6EDCmoKEamoGgBI=; b=jlKjp/Au5PYVJKvTt7G6F4v09gSLVKkkTHcCk2ay6W5aWEEUDjuwOXYGRKPT7vOCx0 Ljn9kM4vdUCsQZoXo0GCz0BRlyWMAmA2oIPDiDwG1mCW1vCBbPKkxeAPgeySycidTf6U EcAqWj7eyDceqxPURJQo5QxlFL1swZ4sa90vdBbB4ooOAaxoiB2RL1Gzw/Y8UoBbha25 V63G9vq4QF839sUS473PVZraePU+NGnEs145s0bCOUJo6d7TbjDpnayb2WjL+Avlr53W rx4Do12mJ4Ewxi2VKGCzg0KI+YEOCbFWTu+3wga0R2g7Qp4aRq1if3122DtU4V/T+Dq7 AnmA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=omp.ru); spf=pass (google.com: domain of linux-kernel+bounces-121364-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-121364-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id cr16-20020a170906d55000b00a474c0de9f2si4018029ejc.942.2024.03.27.07.43.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Mar 2024 07:43:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-121364-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=omp.ru); spf=pass (google.com: domain of linux-kernel+bounces-121364-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-121364-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 9A4021F2A79E for ; Wed, 27 Mar 2024 14:43:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A717E13BAFE; Wed, 27 Mar 2024 13:27:40 +0000 (UTC) Received: from mx01.omp.ru (mx01.omp.ru [90.154.21.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4143B13BAF2 for ; Wed, 27 Mar 2024 13:27:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.154.21.10 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711546060; cv=none; b=H+lkROgwGOP72PKv4v8GiQGn1g69Ee7tRkgki9vraGStTX2WMjD3ejDZ2PmdD1j0UeSOiC7bMQaXFpbPu/rOhDo44J/SIB4L9AWRpWMNCM/GWD92QX6rcehUdht6BN+8g7kz5u67arJ9v1sRupQQ9n6WnJe/QeDXgoyp3yveIss= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711546060; c=relaxed/simple; bh=pRRk+A5pVTzJED7abAqhdbyakVo6azr4eGLw0OA5Bo4=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=mUhvXj2AOU4b1gZQOIsvgULfHli4G08+vJtJYaLifWdFHk84cTm591MNuQlSpZTmHFgQBPhw4Z3h6hLCZj0XfWe128RodTuPgt3WOsedn96TnlM1njppGi1KgQ3e/nR2c5y6PAGiRI9zuw9oroGxaJq+MarL8PD1j0VDYOCI05I= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=omp.ru; spf=pass smtp.mailfrom=omp.ru; arc=none smtp.client-ip=90.154.21.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=omp.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=omp.ru Received: from msk1wst434n.omp.ru (81.22.207.138) by msexch01.omp.ru (10.188.4.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Wed, 27 Mar 2024 16:27:32 +0300 From: Roman Smirnov To: Jan Kara CC: Roman Smirnov , , Sergey Shtylyov , , Jan Kara Subject: [PATCH v2] udf: udftime: prevent overflow in udf_disk_stamp_to_time() Date: Wed, 27 Mar 2024 16:27:55 +0300 Message-ID: <20240327132755.13945-1-r.smirnov@omp.ru> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: msexch01.omp.ru (10.188.4.12) To msexch01.omp.ru (10.188.4.12) X-KSE-ServerInfo: msexch01.omp.ru, 9 X-KSE-AntiSpam-Interceptor-Info: scan successful X-KSE-AntiSpam-Version: 6.1.0, Database issued on: 03/27/2024 13:10:53 X-KSE-AntiSpam-Status: KAS_STATUS_NOT_DETECTED X-KSE-AntiSpam-Method: none X-KSE-AntiSpam-Rate: 0 X-KSE-AntiSpam-Info: Lua profiles 184441 [Mar 27 2024] X-KSE-AntiSpam-Info: Version: 6.1.0.4 X-KSE-AntiSpam-Info: Envelope from: r.smirnov@omp.ru X-KSE-AntiSpam-Info: LuaCore: 13 0.3.13 9d58e50253d512f89cb08f71c87c671a2d0a1bca X-KSE-AntiSpam-Info: {rep_avail} X-KSE-AntiSpam-Info: {Tracking_from_domain_doesnt_match_to} X-KSE-AntiSpam-Info: 127.0.0.199:7.1.2;omp.ru:7.1.1;msk1wst434n.omp.ru:7.1.1;d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;81.22.207.138:7.1.2 X-KSE-AntiSpam-Info: ApMailHostAddress: 81.22.207.138 X-KSE-AntiSpam-Info: Rate: 0 X-KSE-AntiSpam-Info: Status: not_detected X-KSE-AntiSpam-Info: Method: none X-KSE-AntiSpam-Info: Auth:dmarc=temperror header.from=omp.ru;spf=temperror smtp.mailfrom=omp.ru;dkim=none X-KSE-Antiphishing-Info: Clean X-KSE-Antiphishing-ScanningType: Heuristic X-KSE-Antiphishing-Method: None X-KSE-Antiphishing-Bases: 03/27/2024 13:15:00 X-KSE-Antivirus-Interceptor-Info: scan successful X-KSE-Antivirus-Info: Clean, bases: 3/27/2024 10:50:00 AM X-KSE-Attachment-Filter-Triggered-Rules: Clean X-KSE-Attachment-Filter-Triggered-Filters: Clean X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit An overflow can occur in a situation where src.centiseconds takes the value of 255. This situation is unlikely, but there is no validation check anywere in the code. Found by Linux Verification Center (linuxtesting.org) with Svace. Suggested-by: Jan Kara Signed-off-by: Roman Smirnov --- fs/udf/udftime.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/udf/udftime.c b/fs/udf/udftime.c index 758163af39c2..3113785af3cf 100644 --- a/fs/udf/udftime.c +++ b/fs/udf/udftime.c @@ -46,13 +46,18 @@ udf_disk_stamp_to_time(struct timespec64 *dest, struct timestamp src) dest->tv_sec = mktime64(year, src.month, src.day, src.hour, src.minute, src.second); dest->tv_sec -= offset * 60; - dest->tv_nsec = 1000 * (src.centiseconds * 10000 + - src.hundredsOfMicroseconds * 100 + src.microseconds); + /* * Sanitize nanosecond field since reportedly some filesystems are * recorded with bogus sub-second values. */ - dest->tv_nsec %= NSEC_PER_SEC; + if (src.centiseconds < 100 && src.hundredsOfMicroseconds < 100 && + src.microseconds < 100) { + dest->tv_nsec = 1000 * (src.centiseconds * 10000 + + src.hundredsOfMicroseconds * 100 + src.microseconds); + } else { + desk->tv_nsec = 0; + } } void -- 2.34.1