From 3c27f8cb26e78985faeb749eba232ff29adcf18b Mon Sep 17 00:00:00 2001
From: "Art M. Gallagher"
Date: Tue, 3 Mar 2020 21:51:46 +0000
Subject: [PATCH] vfs_fruit: tmsize prevent overflow

Force the type during arithmetic in order to prevent overflow when summing the Time Machine folder size. Increase the precision to off_t (used for file sizes), leave the overflow error traps but with more precise wording.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13622
Signed-off-by: Art M. Gallagher
Reviewed-by: Ralph Boehme
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Sat Mar 7 01:37:31 UTC 2020 on sn-devel-184
(cherry picked from commit b0ba7cd4f96a6ea227943cb05ef51a463e292b2d)
---
 source3/modules/vfs_fruit.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ebf3e18af2f..b2d0901a800 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4986,15 +4986,21 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
 return true;
 }
+ /*
+ * Arithmetic on 32-bit systems may cause overflow, depending on
+ * size_t precision. First we check its unlikely, then we
+ * force the precision into target off_t, then we check that
+ * the total did not overflow either.
+ */
 if (bandsize > SIZE_MAX/nbands) {
- DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+ DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands [%zu]\n",
 bandsize, nbands);
 return false;
 }
- tm_size = bandsize * nbands;
+ tm_size = (off_t)bandsize * (off_t)nbands;
 if (state->total_size + tm_size < state->total_size) {
- DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+ DBG_ERR("tm total size overflow: bandsize [%zu] nbands [%zu]\n",
 bandsize, nbands);
 return false;
 }
--
2.20.1
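Review bot: The guard before the multiplication still bounds the product by `SIZE_MAX` while the product is now computed in signed `off_t`, so the check and the arithmetic no longer match. Where both types are 64 bits wide a `bandsize`/`nbands` pair can pass the guard and still exceed the largest `off_t`, which is signed overflow (undefined behaviour), and where `size_t` is 32 bits the guard keeps rejecting sizes that a 64-bit `off_t` could hold. The total check `state->total_size + tm_size < state->total_size` has the same weakness if both operands are signed, since a compiler may fold such a comparison away; their declarations, like the rest of fruit_tmsize_do_dirent, lie outside the hunk. Assuming a 64-bit `off_t`, I would test before computing: `if ((uint64_t)bandsize > (uint64_t)INT64_MAX / nbands)` and `if (tm_size > INT64_MAX - state->total_size)`. Both inputs appear to come from what is stored on the share, so a wrapped sum would understate usage against the Time Machine size limit.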