lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 5 Aug 2021 13:00:01 +0200
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] net/ipv6/mcast: Use struct_size() helper



On 8/4/21 11:43 PM, Gustavo A. R. Silva wrote:
> Replace IP6_SFLSIZE() with struct_size() helper in order to avoid any
> potential type mistakes or integer overflows that, in the worst
> scenario, could lead to heap overflows.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
>  include/net/if_inet6.h |  3 ---
>  net/ipv6/mcast.c       | 20 +++++++++++++-------
>  2 files changed, 13 insertions(+), 10 deletions(-)
> 
> diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
> index 71bb4cc4d05d..42235c178b06 100644
> --- a/include/net/if_inet6.h
> +++ b/include/net/if_inet6.h
> @@ -82,9 +82,6 @@ struct ip6_sf_socklist {
>  	struct in6_addr		sl_addr[];
>  };
>  
> -#define IP6_SFLSIZE(count)	(sizeof(struct ip6_sf_socklist) + \
> -	(count) * sizeof(struct in6_addr))
> -
>  #define IP6_SFBLOCK	10	/* allocate this many at once */
>  
>  struct ipv6_mc_socklist {
> diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
> index 54ec163fbafa..cd951faa2fac 100644
> --- a/net/ipv6/mcast.c
> +++ b/net/ipv6/mcast.c
> @@ -447,7 +447,8 @@ int ip6_mc_source(int add, int omode, struct sock *sk,
>  
>  		if (psl)
>  			count += psl->sl_max;
> -		newpsl = sock_kmalloc(sk, IP6_SFLSIZE(count), GFP_KERNEL);
> +		newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count),
> +				      GFP_KERNEL);


I find the current code is more readable.

Please only change IP6_SFLSIZE() definition maybe 

Powered by blists - more mailing lists