Fix signedness mismatch and integer underflow

persist_get_max_entries() is supposed to return an unsigned integer as the maximum number of entries but it also wrongly returns "-1" as an error condition. Also fix an issue where an unsigned subtraction in this routine could lead to integer underflow. Bug: 112731440 Test: manual Change-Id: I9672e39bef2c12156dda7806a08c52044962c178
6 years ago · f83cc61c1f
parent 6aaedb0dca
commit f83cc61c1f
1 changed files with 7 additions and 6 deletions
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@ -2458,24 +2458,25 @@ int cryptfs_changepw(int crypt_type, const char* newpw) {
 static unsigned int persist_get_max_entries(int encrypted) {
    struct crypt_mnt_ftr crypt_ftr;
    unsigned int dsize;
-    unsigned int max_persistent_entries;

    /* If encrypted, use the values from the crypt_ftr, otherwise
     * use the values for the current spec.
     */
    if (encrypted) {
        if (get_crypt_ftr_and_key(&crypt_ftr)) {
-            return -1;
+            /* Something is wrong, assume no space for entries */
+            return 0;
        }
        dsize = crypt_ftr.persist_data_size;
    } else {
        dsize = CRYPT_PERSIST_DATA_SIZE;
    }

-    max_persistent_entries =
-        (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
-
-    return max_persistent_entries;
+    if (dsize > sizeof(struct crypt_persist_data)) {
+        return (dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
+    } else {
+        return 0;
+    }
 }

 static int persist_get_key(const char* fieldname, char* value) {