luks: Catch integer overflow for huge sizes

When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>

luks: Catch integer overflow for huge sizes
When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size. Signed-off-by: N Kevin Wolf <kwolf@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>
3d7ed9c4 · Kevin Wolf · e39e959e · 3d7ed9c4
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

block/crypto.c block/crypto.c +5 -0

未找到文件。
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
 {
    struct BlockCryptoCreateData *data = opaque;

+    if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
+        error_setg(errp, "The requested file size is too large");
+        return -EFBIG;
+    }
+
    /* User provided size should reflect amount of space made
     * available to the guest, so we must take account of that
     * which will be used by the crypto header