sctp: prefer struct_size over open coded arithmetic
[ Upstream commit e5c5f3596de224422561d48eba6ece5210d967b3 ] This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2]. As the "ids" variable is a pointer to "struct sctp_assoc_ids" and this structure ends in a flexible array: struct sctp_assoc_ids { [...] sctp_assoc_t gaids_assoc_id[]; }; the preferred way in the kernel is to use the struct_size() helper to do the arithmetic instead of the calculation "size + size * count" in the kmalloc() function. Also, refactor the code adding the "ids_size" variable to avoid sizing twice. This way, the code is more readable and safer. This code was detected with the help of Coccinelle, and audited and modified manually. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1] Link: https://github.com/KSPP/linux/issues/160 [2] Signed-off-by: Erick Archer <erick.archer@outlook.com> Acked-by: Xin Long <lucien.xin@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/PAXPR02MB724871DB78375AB06B5171C88B152@PAXPR02MB7248.eurprd02.prod.outlook.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
864a024250
commit
58405d6eff
|
@ -7118,6 +7118,7 @@ static int sctp_getsockopt_assoc_ids(struct sock *sk, int len,
|
||||||
struct sctp_sock *sp = sctp_sk(sk);
|
struct sctp_sock *sp = sctp_sk(sk);
|
||||||
struct sctp_association *asoc;
|
struct sctp_association *asoc;
|
||||||
struct sctp_assoc_ids *ids;
|
struct sctp_assoc_ids *ids;
|
||||||
|
size_t ids_size;
|
||||||
u32 num = 0;
|
u32 num = 0;
|
||||||
|
|
||||||
if (sctp_style(sk, TCP))
|
if (sctp_style(sk, TCP))
|
||||||
|
@ -7130,11 +7131,11 @@ static int sctp_getsockopt_assoc_ids(struct sock *sk, int len,
|
||||||
num++;
|
num++;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (len < sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num)
|
ids_size = struct_size(ids, gaids_assoc_id, num);
|
||||||
|
if (len < ids_size)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
len = sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num;
|
len = ids_size;
|
||||||
|
|
||||||
ids = kmalloc(len, GFP_USER | __GFP_NOWARN);
|
ids = kmalloc(len, GFP_USER | __GFP_NOWARN);
|
||||||
if (unlikely(!ids))
|
if (unlikely(!ids))
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
Loading…
Reference in New Issue