From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Lasse Collin <lasse.collin@tukaani.org>,
Gao Xiang <hsiangkao@linux.alibaba.com>,
Sasha Levin <sashal@kernel.org>,
gustavoars@kernel.org, ojeda@kernel.org, ndesaulniers@google.com,
nathan@kernel.org
Subject: [PATCH AUTOSEL 4.14 27/39] lib/xz: Validate the value before assigning it to an enum variable
Date: Mon, 8 Nov 2021 20:06:37 -0500 [thread overview]
Message-ID: <20211109010649.1191041-27-sashal@kernel.org> (raw)
In-Reply-To: <20211109010649.1191041-1-sashal@kernel.org>
From: Lasse Collin <lasse.collin@tukaani.org>
[ Upstream commit 4f8d7abaa413c34da9d751289849dbfb7c977d05 ]
This might matter, for example, if the underlying type of enum xz_check
was a signed char. In such a case the validation wouldn't have caught an
unsupported header. I don't know if this problem can occur in the kernel
on any arch but it's still good to fix it because some people might copy
the XZ code to their own projects from Linux instead of the upstream
XZ Embedded repository.
This change may increase the code size by a few bytes. An alternative
would have been to use an unsigned int instead of enum xz_check but
using an enumeration looks cleaner.
Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org
Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/xz/xz_dec_stream.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/xz/xz_dec_stream.c b/lib/xz/xz_dec_stream.c
index ac809b1e64f78..9e5b9ab537fea 100644
--- a/lib/xz/xz_dec_stream.c
+++ b/lib/xz/xz_dec_stream.c
@@ -402,12 +402,12 @@ static enum xz_ret dec_stream_header(struct xz_dec *s)
* we will accept other check types too, but then the check won't
* be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
*/
+ if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+ return XZ_OPTIONS_ERROR;
+
s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
#ifdef XZ_DEC_ANY_CHECK
- if (s->check_type > XZ_CHECK_MAX)
- return XZ_OPTIONS_ERROR;
-
if (s->check_type > XZ_CHECK_CRC32)
return XZ_UNSUPPORTED_CHECK;
#else
--
2.33.0
next prev parent reply other threads:[~2021-11-09 1:20 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 1:06 [PATCH AUTOSEL 4.14 01/39] Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 02/39] Bluetooth: fix use-after-free error in lock_sock_nested() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 03/39] platform/x86: wmi: do not fail if disabling fails Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 04/39] MIPS: lantiq: dma: add small delay after reset Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 05/39] MIPS: lantiq: dma: reset correct number of channel Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 06/39] locking/lockdep: Avoid RCU-induced noinstr fail Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 07/39] smackfs: Fix use-after-free in netlbl_catmap_walk() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 08/39] NET: IPV4: fix error "do not initialise globals to 0" Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 09/39] x86: Increase exception stack sizes Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 10/39] mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type Sasha Levin
2021-11-09 18:06 ` Brian Norris
2021-11-14 14:03 ` Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 11/39] mwifiex: Properly initialize private structure on interface type changes Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 12/39] media: mt9p031: Fix corrupted frame after restarting stream Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 13/39] media: netup_unidvb: handle interrupt properly according to the firmware Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 14/39] media: uvcvideo: Set capability in s_param Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 15/39] media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 16/39] media: s5p-mfc: Add checking to s5p_mfc_probe() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 17/39] media: mceusb: return without resubmitting URB in case of -EPROTO error Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 18/39] ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 19/39] ACPICA: Avoid evaluating methods too early during system resume Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 20/39] media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 21/39] tracefs: Have tracefs directories not set OTH permission bits by default Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 22/39] ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 23/39] ACPI: battery: Accept charges over the design capacity as full Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 24/39] leaking_addresses: Always print a trailing newline Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 25/39] memstick: r592: Fix a UAF bug when removing the driver Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 26/39] lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression Sasha Levin
2021-11-09 1:06 ` Sasha Levin [this message]
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 28/39] tracing/cfi: Fix cmp_entries_* functions signature mismatch Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 29/39] mwl8k: Fix use-after-free in mwl8k_fw_state_machine() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 30/39] PM: hibernate: Get block device exclusively in swsusp_check() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 31/39] iwlwifi: mvm: disable RX-diversity in powersave Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 32/39] smackfs: use __GFP_NOFAIL for smk_cipso_doi() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 33/39] ARM: clang: Do not rely on lr register for stacktrace Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 34/39] gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 35/39] ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 36/39] spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 37/39] parisc: fix warning in flush_tlb_all Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 38/39] task_stack: Fix end_of_stack() for architectures with upwards-growing stack Sasha Levin
2021-11-09 1:06 ` [PATCH AUTOSEL 4.14 39/39] parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109010649.1191041-27-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gustavoars@kernel.org \
--cc=hsiangkao@linux.alibaba.com \
--cc=lasse.collin@tukaani.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).