Hi Kees and Xin,
On Mon, Apr 29, 2024 at 10:45:20AM -0700, Kees Cook wrote:
> On Sat, Apr 27, 2024 at 07:23:36PM +0200, Erick Archer wrote:
> > This is an effort to get rid of all multiplications from allocation
> > functions in order to prevent integer overflows [1][2].
> >
> > As the "ids" variable is a pointer to "struct sctp_assoc_ids" and this
> > structure ends in a flexible array:
> >
> > struct sctp_assoc_ids {
> __u32 gaids_number_of_ids;
> > sctp_assoc_t gaids_assoc_id[];
> > };
>
> This could gain __counted_by:
>
> diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h
> index b7d91d4cf0db..836173e73401 100644
> --- a/include/uapi/linux/sctp.h
> +++ b/include/uapi/linux/sctp.h
> @@ -1007,7 +1007,7 @@ enum sctp_sstat_state {
> */
> struct sctp_assoc_ids {
> __u32 gaids_number_of_ids;
> - sctp_assoc_t gaids_assoc_id[];
> + sctp_assoc_t gaids_assoc_id[] __counted_by(gaids_number_of_ids);
> };
>
Since this patch has been applied to the linux-next tree, I will send an
incremental one.
Thanks Kees and Xin for the review.
Regards,
Erick
