On 32bit systems the "(sizeof(*msg) + msg->data_len" addition can lead
to integer wrapping. Use struct_size() for safety.
Fixes: 8bf2debd5f7b ("eCryptfs: introduce device handle for userspace daemon communications")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
fs/ecryptfs/miscdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 4e62c3cef70f..88882f96e06f 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -325,7 +325,7 @@ static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data,
struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
int rc;
- if ((sizeof(*msg) + msg->data_len) != data_size) {
+ if (struct_size(msg, data, msg->data_len) != data_size) {
printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = "
"[%zd]; data_size = [%zd]. Invalid packet.\n", __func__,
(sizeof(*msg) + msg->data_len), data_size);
--
2.45.2
