Bug 458350 - fs/cifs/asn1.c:403: warning: comparison is always false due to limited range of data type
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
1.0
All Linux
medium Severity medium
: 1.0.3
: ---
Assigned To: Eugene Teo (Security Response)
Reported: 2008-08-07 14:38 EDT by Luis Claudio R. Goncalves
Modified: 2008-10-07 15:20 EDT (History)
Doc Type: Bug Fix
Last Closed: 2008-10-07 15:20:34 EDT
Attachments
Proposed backported patch (1.25 KB, patch)
2008-08-08 01:05 EDT, Eugene Teo (Security Response)
Proposed backported patch (1.13 KB, patch)
2008-08-16 23:28 EDT, Eugene Teo (Security Response)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0857 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-10-07 15:18:59 EDT

Description Luis Claudio R. Goncalves 2008-08-07 14:38:49 EDT
Description of problem:

From fs/cifs/asn1.c line 403:
...
unsigned int size;
...
if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
                 return 0;
...

That leads to:

1. Second half of comparison is always false, so the upper limit is not really tested and

2. This compile time warning:
fs/cifs/asn1.c:403: warning: comparison is always false due to limited range of data type

Version-Release number of selected component (if applicable):

Observed in 2.6.24.7-75.el5rt
Comment 1 Eugene Teo (Security Response) 2008-08-07 19:44:45 EDT
It should be:
if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
                 return 0;

Upstream commit: 04e1e0cccade330ab3715ce59234f7e3b087e246
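
The difference between the reported guard and the one proposed in comment 1, as an added example that is not part of the original bug report or of the kernel source. The helper names `rejects` and `upper_bound_reachable` are hypothetical, and the sample sizes are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* The guard from the report, with the base of the limit passed in as a
 * parameter (hypothetical helper) so both variants share one body and the
 * compiler cannot fold the comparison away. Returns 1 when 'size' is
 * rejected, 0 when it is accepted. */
static int rejects(unsigned int size, unsigned long type_max)
{
    return size < 2 || size > type_max / sizeof(unsigned long);
}

/* Returns 1 if at least one unsigned int value can exceed the upper limit,
 * i.e. if the second half of the guard can ever be true. */
static int upper_bound_reachable(unsigned long type_max)
{
    return UINT_MAX > type_max / sizeof(unsigned long);
}

int main(void)
{
    /* Constructed sample sizes: below the minimum, the minimum, both sides
     * of the UINT_MAX-based limit, and the largest unsigned int. */
    unsigned int limit = (unsigned int)(UINT_MAX / sizeof(unsigned long));
    unsigned int samples[] = { 1, 2, limit, limit + 1, UINT_MAX };
    size_t i;

    printf("sizeof(unsigned long) = %zu\n", sizeof(unsigned long));
    printf("upper bound reachable: ULONG_MAX-based=%d UINT_MAX-based=%d\n",
           upper_bound_reachable(ULONG_MAX), upper_bound_reachable(UINT_MAX));

    /* 'reported' uses the ULONG_MAX limit, 'proposed' the UINT_MAX limit. */
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("size=%10u  reported=%d  proposed=%d\n", samples[i],
               rejects(samples[i], ULONG_MAX), rejects(samples[i], UINT_MAX));
    return 0;
}
```

Where `unsigned long` is wider than `unsigned int`, the ULONG_MAX-based limit lies above every value `size` can hold, so only `size < 2` is ever enforced; where the two types have the same width, both guards behave identically.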
Comment 2 Eugene Teo (Security Response) 2008-08-07 20:29:07 EDT
[20:26] (__lc) <__lc> net/ipv4/netfilter/nf_nat_snmp_basic.c:447: warning: 
               comparison is always false due to limited range of data type
[20:27] (__lc) hey, the very same code:
[20:27] (__lc)         if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))

We need this included. Looks like it's not patched in upstream, so I'm sending a patch there too.
Comment 4 Eugene Teo (Security Response) 2008-08-07 20:45:11 EDT
(In reply to comment #2)
> [20:26] (__lc) <__lc> net/ipv4/netfilter/nf_nat_snmp_basic.c:447: warning: 
>                comparison is always false due to limited range of data type
> [20:27] (__lc) hey, the very same code:
> [20:27] (__lc)         if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
> 
> We need this included. Looks like it's not patched in upstream, so I'm sending
> a patch there too.

Jan Beulich submitted it, so it's in a queue now.
Comment 5 Eugene Teo (Security Response) 2008-08-08 01:05:28 EDT
Created attachment 313781 [details]
Proposed backported patch
Comment 8 Eugene Teo (Security Response) 2008-08-16 21:26:38 EDT
(In reply to comment #4)
> (In reply to comment #2)
> > [20:26] (__lc) <__lc> net/ipv4/netfilter/nf_nat_snmp_basic.c:447: warning: 
> >                comparison is always false due to limited range of data type
> > [20:27] (__lc) hey, the very same code:
> > [20:27] (__lc)         if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
> > 
> > We need this included. Looks like it's not patched in upstream, so I'm sending
> > a patch there too.
> 
> Jan Beulich submitted it, so it's in a queue now.

Luis, so, the upstream took David's patch instead. So the fix for above is slightly different. Please see 252815b0cfe711001eff0327872209986b36d490.

Also, just for reference, the upstream commit for fs/cifs/asn1.c warning is 04e1e0cccade330ab3715ce59234f7e3b087e246.

Thanks.
Comment 9 Eugene Teo (Security Response) 2008-08-16 23:28:28 EDT
Created attachment 314438 [details]
Proposed backported patch
Comment 10 Luis Claudio R. Goncalves 2008-09-09 17:57:10 EDT
Added a patch to -79 to keep us in sync with upstream...
Comment 16 errata-xmlrpc 2008-10-07 15:20:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0857.html
