[PATCH] ecryptfs: use struct_size() to prevent in integer overflow

From: Dan Carpenter
Date: Mon Jan 13 2025 - 01:20:37 EST

Next message: Kuniyuki Iwashima: "Re: [PATCH] ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only"
Previous message: Jacky Chou: " 回覆: 回覆: 回覆: [PATCH v2 05/10] ARM: dts: aspeed: system1: Add RGMII support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 32bit systems the "(sizeof(*msg) + msg->data_len" addition can lead
to integer wrapping. Use struct_size() for safety.

Fixes: 8bf2debd5f7b ("eCryptfs: introduce device handle for userspace daemon communications")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
fs/ecryptfs/miscdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 4e62c3cef70f..88882f96e06f 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -325,7 +325,7 @@ static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data,
struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
int rc;

- if ((sizeof(*msg) + msg->data_len) != data_size) {
+ if (struct_size(msg, data, msg->data_len) != data_size) {
printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = "
"[%zd]; data_size = [%zd]. Invalid packet.\n", __func__,
(sizeof(*msg) + msg->data_len), data_size);
--
2.45.2

Next message: Kuniyuki Iwashima: "Re: [PATCH] ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only"
Previous message: Jacky Chou: " 回覆: 回覆: 回覆: [PATCH v2 05/10] ARM: dts: aspeed: system1: Add RGMII support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]