Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp354437lqr; Wed, 5 Jun 2024 08:02:37 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV/i22e7VuaPiWhtQBkbTsrDFOHwqHMyZUqCf0hLxUHrlbfX1QNJ+RehY4cKrVhR9/6GO9MpCxFjzsEV8tCav1AJbkjaaM8P8sk2Sp23Q== X-Google-Smtp-Source: AGHT+IEhc9y6dEOusQLg/ojTfk0wumL9gA93Eb2PnbufTT/ZR/U7UKnaj8HpHuURSNMVWfzHstDq X-Received: by 2002:a17:902:cec9:b0:1f6:84b1:d01c with SMTP id d9443c01a7336-1f6a5a1fc27mr30430235ad.41.1717599756793; Wed, 05 Jun 2024 08:02:36 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717599756; cv=pass; d=google.com; s=arc-20160816; b=EgDFerPCx5l95XjLPEZ/VT5JUHLCIb8eX9xhl5fSTBsAQ3o0VJUIHO3mVRQ1Z5qWS6 nWPCO/XEELoIBAkOgbyfcUBzv7njy4srMslgOK1V7mg3KXO1Fhazia8xDke0gvIXd/1W si94EFU9jkRTZ1jrbcRLtM+yWZ8Hu7h3JZpth+Z2seKpSV5ME/W/it2bsW9z90FwKPJF tI5dA2PowZB4q6dg8lc/IX5nA8C2nf79YTLV2fJpRK4yCDdpDUivtJc2KqAr3fTq3ZXj c/6c1kRZiv2tSu02QPhi+ZXPxS8hU90QUUbd87vnbNNqtV4PGyWasoITa3BWeZ8xFMbg uIiQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=ybGTd8jkhGx44JDNFr19UODlOhx+b9yI7dKFvTQNFeg=; fh=Xjd/OQkm2jBpNVqU6zus7zzmXvF2+eN3fdKj9IAAs8U=; b=0uM2Z5Zuxa9iZGEl3iuOTD1d5WSvoQ+n0Kt9QS6ferHVfN5369XlAjZ04jUmtUtfTm 7LVBFvsut2IreyfaQhJgT70ujv/GCUlbyfGkMIelCmnqc12r6AnrjhO6oBRcBXAUy/Mb mF9O2HG+jYXOM1WvmVp2sG/TRkmzjXQpIK9Mzgd8DaJCgrgC/f/TmLZCjUcQOVt2sSaZ mmZu9oX/mht7Ud46GsHy0W0hBLYFgoDlZ61dxH/c11W+B0tnY1ruk4SbyUYd7FGnqhRZ ZHWJIHkNmFO0cj5xpiHltBiEWlIGnGIMufRWfHLaXUE0AqNoeUy378htHv4EPG4k+2yr cJxw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ncQVyjkl; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-202362-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-202362-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f63233d256si102686685ad.27.2024.06.05.08.02.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 08:02:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-202362-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ncQVyjkl; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-202362-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-202362-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id ED2DF28A9A4 for ; Wed, 5 Jun 2024 12:06:05 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BDE2F1AC431; Wed, 5 Jun 2024 11:52:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ncQVyjkl" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9788195986; Wed, 5 Jun 2024 11:52:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717588360; cv=none; b=r0dufVSf95W2Wh1sHEXruzdX2gYyTMwAiYmxjzYgm7LGvDWA0V87cgRh8iTq2lfWF/Le4FFlOvTIjU6rE2If27Mix+I7ii79y+nA2sDFdG/+pmF4JvXMgMc0X0j3ayTJP5pfJjoZoWBQkGdsBYisEUlsqrItWIIuVjb64Muu/Do= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717588360; c=relaxed/simple; bh=klJFbPZVKDRnhHyoOzh54fT6kOqFxXYc3De6rLdD1aE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XYQFU7Ngk9gU9PKJ0PDn9qKlrAYn1pL59fqZPzcFjpL1tX5hEsHaMkjzoVDE6yWNmqf0r8z7/JfRo9xpyuMn0Vz/iPJU+6T4jObz4HHe511O6yY4Jw5akfNE2EW6udwZChscYwWv8tOZJkcAhHFY+DqrNSLbdHZ0Fx2wNvL3DZc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ncQVyjkl; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9D9FDC32781; Wed, 5 Jun 2024 11:52:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717588359; bh=klJFbPZVKDRnhHyoOzh54fT6kOqFxXYc3De6rLdD1aE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ncQVyjkldIaneWiwEvPC2+7Zra8N+4tnNodxI/rL2q1S3pEh0Yrbd1ENzvT1KqJ2w YqNyGFcShqG4bHuzyP+C1eEPix9/XaT+F/MgZM2xyel33arYAdxUeON4ZLWaaHUIZ9 dslnsXMu91lSU5rDcAgVZsC4CUTF0Yf7514/WYguoUpBSnS0GBYJFFoQUZiV9bdHit 3uNGpy6TkpqYXENRR6LJye8NwSmRxwPMMXfViMk0KQvtA6oPQBn1sw5oixMU1c4BNi LPrfA2p+eTGA8GePIDSjNVKZHGcDiKEXdY7Em/lkj6TZ47dF9OwDau75NiSgw+U1hK q4u26vHm4qAXA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Roman Smirnov , Jan Kara , Sergey Shtylyov , Sasha Levin , jack@suse.com Subject: [PATCH AUTOSEL 6.6 07/20] udf: udftime: prevent overflow in udf_disk_stamp_to_time() Date: Wed, 5 Jun 2024 07:51:50 -0400 Message-ID: <20240605115225.2963242-7-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240605115225.2963242-1-sashal@kernel.org> References: <20240605115225.2963242-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.6.32 Content-Transfer-Encoding: 8bit From: Roman Smirnov [ Upstream commit 3b84adf460381169c085e4bc09e7b57e9e16db0a ] An overflow can occur in a situation where src.centiseconds takes the value of 255. This situation is unlikely, but there is no validation check anywere in the code. Found by Linux Verification Center (linuxtesting.org) with Svace. Suggested-by: Jan Kara Signed-off-by: Roman Smirnov Reviewed-by: Sergey Shtylyov Signed-off-by: Jan Kara Message-Id: <20240327132755.13945-1-r.smirnov@omp.ru> Signed-off-by: Sasha Levin --- fs/udf/udftime.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/udf/udftime.c b/fs/udf/udftime.c index 758163af39c26..78ecc633606fb 100644 --- a/fs/udf/udftime.c +++ b/fs/udf/udftime.c @@ -46,13 +46,18 @@ udf_disk_stamp_to_time(struct timespec64 *dest, struct timestamp src) dest->tv_sec = mktime64(year, src.month, src.day, src.hour, src.minute, src.second); dest->tv_sec -= offset * 60; - dest->tv_nsec = 1000 * (src.centiseconds * 10000 + - src.hundredsOfMicroseconds * 100 + src.microseconds); + /* * Sanitize nanosecond field since reportedly some filesystems are * recorded with bogus sub-second values. */ - dest->tv_nsec %= NSEC_PER_SEC; + if (src.centiseconds < 100 && src.hundredsOfMicroseconds < 100 && + src.microseconds < 100) { + dest->tv_nsec = 1000 * (src.centiseconds * 10000 + + src.hundredsOfMicroseconds * 100 + src.microseconds); + } else { + dest->tv_nsec = 0; + } } void -- 2.43.0