Re: [PATCH 16/23] pefile: Parse a PE binary to find a key and a signature contained therein

From: David Howells
Date: Tue Oct 30 2012 - 20:59:30 EST


Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> This multiplication can push the cursor out of bounds. (n_data_dirents
> is unverified).
> ...
> Both of these cases of n_sections multiplications can wrap.
> Ultimately, you can end up with cursor close to zero, but n_sections
> being giant.

Good points. I wonder if I should limit these to some low number, or just
check that they don't exceed header_size, which also needs checking as you
said.

> ... (Also, do you want a "break" in there after the first .keylist is found,
> or is this intentionally "use last key list"?)

I hadn't considered that. Inserting a break is probably best, if only to
curtail the processing time slightly.

David
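
Added example, not part of the original message or of the pefile patch: one way to do the check discussed above, bounding each table against `header_size` by division so that an unverified `n_data_dirents` or `n_sections` cannot wrap the cursor. The helper names `advance_cursor` and `check_tables` and the sample values are hypothetical; the 8-byte and 40-byte record sizes are those of the PE/COFF data directory entry and section header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Record sizes fixed by the PE/COFF format. */
#define PE_DATA_DIRENT_SIZE 8u   /* one data directory entry */
#define PE_SECTION_HDR_SIZE 40u  /* one section header */

/*
 * Advance *cursor past `count` records of `elem_size` bytes only if the whole
 * table fits below `limit`. The bound is computed by division, so a huge
 * count taken from the file cannot wrap. Hypothetical helper, not kernel code.
 */
static bool advance_cursor(size_t *cursor, uint32_t count,
                           size_t elem_size, size_t limit)
{
    if (elem_size == 0 || *cursor > limit)
        return false;
    if (count > (limit - *cursor) / elem_size)
        return false;
    *cursor += (size_t)count * elem_size;   /* cannot overflow after the check */
    return true;
}

/*
 * Returns the offset just past the section table, or -1 if either table
 * would run past header_size or header_size exceeds the file length.
 */
static long check_tables(size_t cursor, uint32_t n_data_dirents,
                         uint32_t n_sections, size_t header_size,
                         size_t file_len)
{
    if (header_size > file_len)             /* header_size is unverified too */
        return -1;
    if (!advance_cursor(&cursor, n_data_dirents, PE_DATA_DIRENT_SIZE, header_size))
        return -1;
    if (!advance_cursor(&cursor, n_sections, PE_SECTION_HDR_SIZE, header_size))
        return -1;
    return (long)cursor;
}

int main(void)
{
    /* Constructed input: 0x06666667 * 40 wraps to 0x18 in 32-bit arithmetic. */
    return check_tables(0x178, 16, 0x06666667, 0x400, 0x1000) == -1 ? 0 : 1;
}
```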