Patch "sctp: prefer struct_size over open coded arithmetic" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    sctp: prefer struct_size over open coded arithmetic

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sctp-prefer-struct_size-over-open-coded-arithmetic.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 8a5ecad43aa11c09a3127f15452e19f81e951152
Author: Erick Archer <erick.archer@xxxxxxxxxxx>
Date:   Sat Apr 27 19:23:36 2024 +0200

    sctp: prefer struct_size over open coded arithmetic
    
    [ Upstream commit e5c5f3596de224422561d48eba6ece5210d967b3 ]
    
    This is an effort to get rid of all multiplications from allocation
    functions in order to prevent integer overflows [1][2].
    
    As the "ids" variable is a pointer to "struct sctp_assoc_ids" and this
    structure ends in a flexible array:
    
    struct sctp_assoc_ids {
            [...]
            sctp_assoc_t    gaids_assoc_id[];
    };
    
    the preferred way in the kernel is to use the struct_size() helper to
    do the arithmetic instead of the calculation "size + size * count" in
    the kmalloc() function.
    
    Also, refactor the code adding the "ids_size" variable to avoid sizing
    twice.
    
    This way, the code is more readable and safer.
    
    This code was detected with the help of Coccinelle, and audited and
    modified manually.
    
    Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
    Link: https://github.com/KSPP/linux/issues/160 [2]
    Signed-off-by: Erick Archer <erick.archer@xxxxxxxxxxx>
    Acked-by: Xin Long <lucien.xin@xxxxxxxxx>
    Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/PAXPR02MB724871DB78375AB06B5171C88B152@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 6b9fcdb0952a0..225dfacfd233f 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7118,6 +7118,7 @@ static int sctp_getsockopt_assoc_ids(struct sock *sk, int len,
 	struct sctp_sock *sp = sctp_sk(sk);
 	struct sctp_association *asoc;
 	struct sctp_assoc_ids *ids;
+	size_t ids_size;
 	u32 num = 0;
 
 	if (sctp_style(sk, TCP))
@@ -7130,11 +7131,11 @@ static int sctp_getsockopt_assoc_ids(struct sock *sk, int len,
 		num++;
 	}
 
-	if (len < sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num)
+	ids_size = struct_size(ids, gaids_assoc_id, num);
+	if (len < ids_size)
 		return -EINVAL;
 
-	len = sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num;
-
+	len = ids_size;
 	ids = kmalloc(len, GFP_USER | __GFP_NOWARN);
 	if (unlikely(!ids))
 		return -ENOMEM;
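
Review bot: the assignment "len = ids_size;" narrows a size_t back into the "int len" parameter before it reaches kmalloc(), which weakens the overflow protection. struct_size() saturates to SIZE_MAX on overflow so that the allocator fails cleanly, and truncating that value to int loses the guarantee at the call site. Consider calling "kmalloc(ids_size, GFP_USER | __GFP_NOWARN)" directly and assigning to len only where the length is reported back to the caller. Separately, "if (len < ids_size)" is still a signed/unsigned comparison, as it was against the sizeof expression it replaces, so a negative len is converted to a large unsigned value and is not rejected by this check. Nothing in this hunk shows len being validated as non-negative, so it is worth confirming that the caller does so.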



