diff options
| author | Eric Biggers <ebiggers@google.com> | 2024-09-10 10:52:59 -0700 |
|---|---|---|
| committer | Mikulas Patocka <mpatocka@redhat.com> | 2024-09-11 14:04:41 +0200 |
| commit | 9c2010bccc0ce012f52de18ebd0c3add241f75b8 (patch) | |
| tree | 1f09bb76902e101475e301d3b1b3490b383bdb02 /tools/perf/scripts/python/gecko.py | |
| parent | 90da77987dd59c8f6ec6d508d23d5a77c7af64f1 (diff) | |
dm-integrity: check mac_size against HASH_MAX_DIGESTSIZE in sb_mac()
sb_mac() verifies that the superblock + MAC don't exceed 512 bytes.
Because the superblock is currently 64 bytes, this really verifies
mac_size <= 448. This confuses smatch into thinking that mac_size may
be as large as 448, which is inconsistent with the later code that
assumes the MAC fits in a buffer of size HASH_MAX_DIGESTSIZE (64).
In fact mac_size <= HASH_MAX_DIGESTSIZE is guaranteed by the crypto API,
as that is the whole point of HASH_MAX_DIGESTSIZE. But, let's be
defensive and explicitly check for this. This suppresses the false
positive smatch warning. It does not fix an actual bug.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202409061401.44rtN1bh-lkp@intel.com/
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/gecko.py')
0 files changed, 0 insertions, 0 deletions