libkmod: Improve signature parser on 32 bit archs

During signature parser validation it is not enough to cast the end
result to 64 bit, because on 32 bit systems size_t is an unsigned 32 bit
integer, which implies that this will be the data type used to evaluate
the expression BEFORE casting it due to C standard.

Since the unsigned 32 bit calculation can overflow, cast the size_t
to int64_t, which makes the whole calculation safe.

This has no negative impact on 64 bit systems because the size_t
value is read as an unsigned 32 bit value from module.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/95
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>

diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 48caf74a2ac46a1f20ea3c9053231f84b0cd26eb..2fa0ec3535bfe81339ac477e8b008fc21b91ace4 100644 (file)
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -326,7 +326,7 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
                return false;
        sig_len = be32toh(get_unaligned(&modsig->sig_len));
        if (sig_len == 0 ||
-           size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
+           size < (int64_t)sig_len + modsig->signer_len + modsig->key_id_len)
                return false;
 
        switch (modsig->id_type) {