lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Sep 2021 17:05:26 -0500 From: "Gustavo A. R. Silva" <gustavoars@...nel.org> To: John Johansen <john.johansen@...onical.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com> Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, linux-hardening@...r.kernel.org Subject: [PATCH][next] apparmor: Use struct_size() helper in kzalloc() Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org> --- security/apparmor/label.c | 3 +-- security/apparmor/policy.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 6222fdfebe4e..0b0265da1926 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -425,8 +425,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp) AA_BUG(size < 1); /* + 1 for null terminator entry on vec */ - new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1), - gfp); + new = kzalloc(struct_size(new, vec, size + 1), gfp); AA_DEBUG("%s (%p)\n", __func__, new); if (!new) goto fail; diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 17191a9eae41..5827dbdfbfca 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -260,8 +260,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy, struct aa_profile *profile; /* freed by free_profile - usually through aa_put_profile */ - profile = kzalloc(sizeof(*profile) + sizeof(struct aa_profile *) * 2, - gfp); + profile = kzalloc(struct_size(profile, label.vec, 2), gfp); if (!profile) return NULL; -- 2.27.0
Powered by blists - more mailing lists