From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Darren Kenny <darren.kenny@oracle.com>

Date: Thu, 21 Jan 2021 11:38:31 +0000

Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow

The encrypt and decrypt functions expect a grub_size_t. So, we need to

ensure that the constant bit shift is using grub_size_t rather than

unsigned int when it is performing the shift.

Fixes: CID 307788

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

---

 grub-core/disk/cryptodisk.c | 8 ++++----

 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c

index bd60a66b384..78a902515e9 100644

--- a/grub-core/disk/cryptodisk.c

+++ b/grub-core/disk/cryptodisk.c

@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,

 	case GRUB_CRYPTODISK_MODE_CBC:

 	  if (do_encrypt)

 	    err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,

-					   (1U << dev->log_sector_size), iv);

+					   ((grub_size_t) 1 << dev->log_sector_size), iv);

 	  else

 	    err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,

-					   (1U << dev->log_sector_size), iv);

+					   ((grub_size_t) 1 << dev->log_sector_size), iv);

 	  if (err)

 	    return err;

 	  break;

@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,

 	case GRUB_CRYPTODISK_MODE_PCBC:

 	  if (do_encrypt)

 	    err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i,

-					    (1U << dev->log_sector_size), iv);

+					    ((grub_size_t) 1 << dev->log_sector_size), iv);

 	  else

 	    err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,

-					    (1U << dev->log_sector_size), iv);

+					    ((grub_size_t) 1 << dev->log_sector_size), iv);

 	  if (err)

 	    return err;

 	  break;