| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87f35305-324e-6f7a-69a6-710db05c6e7c@canonical.com>
Date: Wed, 26 Jan 2022 01:30:54 -0800
From: John Johansen <john.johansen@...onical.com>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Cc: linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] apparmor: Use struct_size() helper in kmalloc()
On 1/24/22 17:56, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Also, address the following sparse warnings:
> security/apparmor/lib.c:139:23: warning: using sizeof on a flexible structure
>
> Link: https://github.com/KSPP/linux/issues/174
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
thanks, I have pulled this into my tree
Acked-by: John Johansen <john.johansen@...onical.com>
> ---
> security/apparmor/lib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index fa49b81eb54c..5eda003c0d45 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -136,7 +136,7 @@ __counted char *aa_str_alloc(int size, gfp_t gfp)
> {
> struct counted_str *str;
>
> - str = kmalloc(sizeof(struct counted_str) + size, gfp);
> + str = kmalloc(struct_size(str, name, size), gfp);
> if (!str)
> return NULL;
>
Powered by blists - more mailing lists