Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

apparmor: Use struct_size() helper in kzalloc()

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>

authored by Gustavo A. R. Silva and committed by John Johansen
f4a2d282 4d47fbbe

+2 -4
+1 -2
security/apparmor/label.c
··· 424 424 AA_BUG(size < 1); 425 425 426 426 /* + 1 for null terminator entry on vec */ 427 - new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1), 428 - gfp); 427 + new = kzalloc(struct_size(new, vec, size + 1), gfp); 429 428 AA_DEBUG("%s (%p)\n", __func__, new); 430 429 if (!new) 431 430 goto fail;
+1 -2
security/apparmor/policy.c
··· 259 259 struct aa_profile *profile; 260 260 261 261 /* freed by free_profile - usually through aa_put_profile */ 262 - profile = kzalloc(sizeof(*profile) + sizeof(struct aa_profile *) * 2, 263 - gfp); 262 + profile = kzalloc(struct_size(profile, label.vec, 2), gfp); 264 263 if (!profile) 265 264 return NULL; 266 265
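Review bot: In the security/apparmor/label.c hunk, the `size + 1` passed as the count to struct_size() is still computed by the caller, so the helper's overflow checking covers the multiplication and the addition of sizeof(*new) but not that increment. The only bound on size visible here is the lower one, `AA_BUG(size < 1);`. Consider asserting an upper bound as well, or extending the comment above the allocation to say why callers cannot pass a size large enough for `size + 1` to wrap.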
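Review bot: In the security/apparmor/policy.c hunk, the count 2 in `struct_size(profile, label.vec, 2)` is an unexplained constant. The label.c allocation carries a comment ("+ 1 for null terminator entry on vec"), but the comment here only says who frees the object; a short comment stating what the two vec entries hold would let a reader check the count against the code that fills label.vec. It is also worth confirming in review that label is the last member of struct aa_profile, since the requested size is sizeof(*profile) plus two trailing elements, exactly as in the removed open-coded expression.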