| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202201270204.D460EC35@keescook>
Date: Thu, 27 Jan 2022 02:05:23 -0800
From: Kees Cook <keescook@...omium.org>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
Viresh Kumar <vireshk@...nel.org>,
Johan Hovold <johan@...nel.org>, Alex Elder <elder@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] staging: greybus: i2c: Use struct_size() helper in
gb_i2c_operation_create()
On Wed, Jan 26, 2022 at 01:54:04PM +0300, Dan Carpenter wrote:
> On Mon, Jan 24, 2022 at 12:19:03PM -0800, Kees Cook wrote:
> > This could still overflow if struct_size() returns SIZE_MAX. Perhaps:
> >
> > if (check_add_overflow(struct_size(request, ops, msg_count),
> > data_out_size, &request_size))
> > request_size = SIZE_MAX;
> >
> > I should brush off the saturating arithmetic helpers series:
> > https://lore.kernel.org/all/20210920180853.1825195-1-keescook@chromium.org/
>
> Yes, please! Those seem like a million times easier to use.
Here they are! :) Please review:
https://lore.kernel.org/lkml/20220124232342.3113350-1-keescook@chromium.org/
Thanks!
--
Kees Cook
Powered by blists - more mailing lists