[PATCH][next] apparmor: Use struct_size() helper in kzalloc()

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH][next] apparmor: Use struct_size() helper in kzalloc()
@ 2021-09-29 22:05 Gustavo A. R. Silva
  2021-10-01 23:37 ` John Johansen
  0 siblings, 1 reply; 3+ messages in thread
From: Gustavo A. R. Silva @ 2021-09-29 22:05 UTC (permalink / raw)
  To: John Johansen, James Morris, Serge E. Hallyn
  Cc: linux-security-module, linux-kernel, Gustavo A. R. Silva,
	linux-hardening

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worse scenario, could lead to heap overflows.

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 security/apparmor/label.c  | 3 +--
 security/apparmor/policy.c | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 6222fdfebe4e..0b0265da1926 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -425,8 +425,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
 	AA_BUG(size < 1);
 
 	/*  + 1 for null terminator entry on vec */
-	new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1),
-			gfp);
+	new = kzalloc(struct_size(new, vec, size + 1), gfp);
 	AA_DEBUG("%s (%p)\n", __func__, new);
 	if (!new)
 		goto fail;
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 17191a9eae41..5827dbdfbfca 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -260,8 +260,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
 	struct aa_profile *profile;
 
 	/* freed by free_profile - usually through aa_put_profile */
-	profile = kzalloc(sizeof(*profile) + sizeof(struct aa_profile *) * 2,
-			  gfp);
+	profile = kzalloc(struct_size(profile, label.vec, 2), gfp);
 	if (!profile)
 		return NULL;
 
-- 
2.27.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH][next] apparmor: Use struct_size() helper in kzalloc()
  2021-09-29 22:05 [PATCH][next] apparmor: Use struct_size() helper in kzalloc() Gustavo A. R. Silva
@ 2021-10-01 23:37 ` John Johansen
  2021-10-01 23:49   ` Gustavo A. R. Silva
  0 siblings, 1 reply; 3+ messages in thread
From: John Johansen @ 2021-10-01 23:37 UTC (permalink / raw)
  To: Gustavo A. R. Silva, James Morris, Serge E. Hallyn
  Cc: linux-security-module, linux-kernel, linux-hardening

On 9/29/21 3:05 PM, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worse scenario, could lead to heap overflows.
>> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

nice

I will pull this into my tree
Acked-by: John Johansen <john.johansen@canonical.com>

> ---
>  security/apparmor/label.c  | 3 +--
>  security/apparmor/policy.c | 3 +--
>  2 files changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/security/apparmor/label.c b/security/apparmor/label.c
> index 6222fdfebe4e..0b0265da1926 100644
> --- a/security/apparmor/label.c
> +++ b/security/apparmor/label.c
> @@ -425,8 +425,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
>  	AA_BUG(size < 1);
>  
>  	/*  + 1 for null terminator entry on vec */
> -	new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1),
> -			gfp);
> +	new = kzalloc(struct_size(new, vec, size + 1), gfp);
>  	AA_DEBUG("%s (%p)\n", __func__, new);
>  	if (!new)
>  		goto fail;
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index 17191a9eae41..5827dbdfbfca 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -260,8 +260,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
>  	struct aa_profile *profile;
>  
>  	/* freed by free_profile - usually through aa_put_profile */
> -	profile = kzalloc(sizeof(*profile) + sizeof(struct aa_profile *) * 2,
> -			  gfp);
> +	profile = kzalloc(struct_size(profile, label.vec, 2), gfp);
>  	if (!profile)
>  		return NULL;
>  
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH][next] apparmor: Use struct_size() helper in kzalloc()
  2021-10-01 23:37 ` John Johansen
@ 2021-10-01 23:49   ` Gustavo A. R. Silva
  0 siblings, 0 replies; 3+ messages in thread
From: Gustavo A. R. Silva @ 2021-10-01 23:49 UTC (permalink / raw)
  To: John Johansen
  Cc: James Morris, Serge E. Hallyn, linux-security-module,
	linux-kernel, linux-hardening

On Fri, Oct 01, 2021 at 04:37:08PM -0700, John Johansen wrote:
> On 9/29/21 3:05 PM, Gustavo A. R. Silva wrote:
> > Make use of the struct_size() helper instead of an open-coded version,
> > in order to avoid any potential type mistakes or integer overflows that,
> > in the worse scenario, could lead to heap overflows.
> >> Link: https://github.com/KSPP/linux/issues/160
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> 
> nice
> 
> I will pull this into my tree
> Acked-by: John Johansen <john.johansen@canonical.com>

Thanks, John.

--
Gustavo

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-10-01 23:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-29 22:05 [PATCH][next] apparmor: Use struct_size() helper in kzalloc() Gustavo A. R. Silva
2021-10-01 23:37 ` John Johansen
2021-10-01 23:49   ` Gustavo A. R. Silva

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.