| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cb70e767-1498-4b5b-9d77-0270a6548ab6@stanley.mountain>
Date: Mon, 13 Jan 2025 09:19:11 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Michael Halcrow <mhalcrow@...ibm.com>
Cc: Tyler Hicks <code@...icks.com>,
Andrew Morton <akpm@...ux-foundation.org>, ecryptfs@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: [PATCH] ecryptfs: use struct_size() to prevent in integer overflow
On 32bit systems the "(sizeof(*msg) + msg->data_len" addition can lead
to integer wrapping. Use struct_size() for safety.
Fixes: 8bf2debd5f7b ("eCryptfs: introduce device handle for userspace daemon communications")
Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
---
fs/ecryptfs/miscdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 4e62c3cef70f..88882f96e06f 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -325,7 +325,7 @@ static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data,
struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
int rc;
- if ((sizeof(*msg) + msg->data_len) != data_size) {
+ if (struct_size(msg, data, msg->data_len) != data_size) {
printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = "
"[%zd]; data_size = [%zd]. Invalid packet.\n", __func__,
(sizeof(*msg) + msg->data_len), data_size);
--
2.45.2
Powered by blists - more mailing lists