From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 3 Sep 2024 17:49:04 +0000 (+0200)
Subject: libkmod: Improve signature parser on 32 bit archs
X-Git-Tag: v34~455
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac34d1897282cf764296e085d26100788fd5a0e2;p=thirdparty%2Fkmod.git

libkmod: Improve signature parser on 32 bit archs

During signature parser validation it is not enough to cast the end
result to 64 bit, because on 32 bit systems size_t is an unsigned 32 bit
integer, which implies that this will be the data type used to evaluate
the expression BEFORE casting it due to C standard.

Since the unsigned 32 bit calculation can overflow, cast the size_t
to int64_t, which makes the whole calculation safe.

This has no negative impact on 64 bit systems because the size_t
value is read as an unsigned 32 bit value from module.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/95
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---

diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 48caf74a..2fa0ec35 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -326,7 +326,7 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
 		return false;
 	sig_len = be32toh(get_unaligned(&modsig->sig_len));
 	if (sig_len == 0 ||
-	    size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
+	    size < (int64_t)sig_len + modsig->signer_len + modsig->key_id_len)
 		return false;
 
 	switch (modsig->id_type) {