aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2018-03-05 18:15:26 +0100
committerKevin Wolf <kwolf@redhat.com>2018-03-19 12:01:24 +0100
commit3d7ed9c453ad10e73edbcde1b718506ed7b86388 (patch)
tree916f65c89af6e3854f841fe66e0e1bb1e0249ca9
parente39e959e89b33bc0e17a702db42ea8a5f3763133 (diff)
downloadqemu-3d7ed9c453ad10e73edbcde1b718506ed7b86388.zip
qemu-3d7ed9c453ad10e73edbcde1b718506ed7b86388.tar.gz
qemu-3d7ed9c453ad10e73edbcde1b718506ed7b86388.tar.bz2
luks: Catch integer overflow for huge sizes
When you request an image size close to UINT64_MAX, the addition of the crypto header may cause an integer overflow. Catch it instead of silently truncating the image size. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-rw-r--r--block/crypto.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/block/crypto.c b/block/crypto.c
index 00fb40c..e0b8856 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock *block,
{
struct BlockCryptoCreateData *data = opaque;
+ if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
+ error_setg(errp, "The requested file size is too large");
+ return -EFBIG;
+ }
+
/* User provided size should reflect amount of space made
* available to the guest, so we must take account of that
* which will be used by the crypto header