Fix out of bounds signature access with 32 bit off_t

If kmod has been configured with --disable-largefile on a 32 bit
system, off_t will be 32 bit. In that case, the parsed sig_len can
bypass a validation check (it's _unsigned_ 32 bit).

Due to the unlikeliness of people using --disable-largefile, this is
a mere validation fix. With an explicit signed 64 bit cast, there is
no binary change for 99.9% of Linux systems out there. ;)

diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 5ed59736240718c938de56f756657cc90fda9b73..2260cc6214c28c664b1663faca4b53e53fceb3ae 100644 (file)
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -124,7 +124,7 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
                        modsig->id_type >= PKEY_ID_TYPE__LAST)
                return false;
        sig_len = be32toh(get_unaligned(&modsig->sig_len));
-       if (size < (off_t)(modsig->signer_len + modsig->key_id_len + sig_len))
+       if (size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
                return false;
 
        size -= modsig->key_id_len + sig_len;