Re: [PATCH] netlabel: fix shift wrapping bug in netlbl_catmap_setlong()

From: Paul Moore <paul@paul-moore.com>
Date: 2023-06-08 18:57:53
Also in: linux-security-module

On Thu, Jun 8, 2023 at 9:58 AM Dmitry Mastykin [off-list ref] wrote:

There is a shift wrapping bug in this code on 32-bit architectures.
NETLBL_CATMAP_MAPTYPE is u64, bitmap is unsigned long.
Every second 32-bit word of catmap becomes corrupted.

Signed-off-by: Dmitry Mastykin <redacted>
---
 net/netlabel/netlabel_kapi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Thanks Dmitry.

Acked-by: Paul Moore <paul@paul-moore.com>

quoted hunk ↗ jump to hunk

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 54c083003947..27511c90a26f 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c

@@ -857,7 +857,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,

        offset -= iter->startbit;
        idx = offset / NETLBL_CATMAP_MAPSIZE;
-       iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
+       iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap
+                            << (offset % NETLBL_CATMAP_MAPSIZE);

        return 0;
 }
--

2.30.2

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help