Message ID | 20230706132337.15924-1-cgzones@googlemail.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2564524vqx; Thu, 6 Jul 2023 06:33:25 -0700 (PDT) X-Google-Smtp-Source: APBJJlG+5zI+WpSnVZK+Ha4Yd7hrYFUTZXADFdFerqPPptHY3jKnwsn1EJdZbKgGFpjNWfLSjS35 X-Received: by 2002:a05:6808:15a2:b0:3a3:a8ce:c635 with SMTP id t34-20020a05680815a200b003a3a8cec635mr1944062oiw.42.1688650405516; Thu, 06 Jul 2023 06:33:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650405; cv=none; d=google.com; s=arc-20160816; b=ihxs0fsnIi0063X8KML2ifesKb7Wn41C3/00635O9PtgAkoOfiTsGoWvZPzOKky0/x MGch0IIG/H/7Zo31qA9djg59DzyIqkXc9/0d96yCcNKR95hObWRi2wOxL5h6ab8N5YBB UNfugEkOojJ24ST2dRtvEwtb+MdtHUzvebUABseu4E2FZ+BioGkH5T6a639my7IeQMqG 4cevQdcaEtCii+ik2am1WFHoyAnfrTp7FVfqqllpXfNZgUjwYzas9/e3c/xbkOX/MESt wgbwSkKVNauPpALlIi4tbdI45iDL/HFTna/x9MLGoiSiVZi8kiJCoWLmrYCTpQ76+QFh Hq4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=kd/U1ZIxNmOU8fg22DHwkA8gc8uQwBOCs60jsTeu/A/xiE/uqCJ8R/zxhlOLbSERjm XQt3X/cpOyUx3oLWmnoL1vsleB9bvQMyauDtn42zcSMHZVVY20rJGbplLkofp8utadCu 8d4LmirQdMhfzAjHT0ogciuC4iHFAbzPNCFigJ6JnWQKVweSTN9s14POptg1yVwZRtUP v4+5IJqZ4bBfCgwm87pqVNCXuD/8cFieF8PF/gsLopAgQD2+NY5OifHCn/JdZOJPWo/h gMPaMM1PnxShfQgBDITHfqLxYh7sydrpXSMu09lrVAv8Od5BHML/XgaoZZ+J7+DvJChb MVNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jpy3SNoT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y68-20020a636447000000b00553a56f7b36si1508554pgb.522.2023.07.06.06.33.09; Thu, 06 Jul 2023 06:33:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jpy3SNoT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231642AbjGFNXr (ORCPT <rfc822;hadasmailinglist@gmail.com> + 99 others); Thu, 6 Jul 2023 09:23:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229919AbjGFNXq (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 6 Jul 2023 09:23:46 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6995B1994; Thu, 6 Jul 2023 06:23:45 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-992acf67388so81793166b.1; Thu, 06 Jul 2023 06:23:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649824; x=1691241824; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; b=jpy3SNoTSnMnS3x/7zAxQzz/XTlzy17ldr228oGAP/Xg3V+9epfdo7Z6fxtc61UDY6 BF9Jic/dXx03T4dhI9Z2/nmLamZVb9XV7stxUkqVGdmcxTEHj8Sc3P7e5J5/ywfubHPJ 53AR6eU2vP0kXzZ2V05E5Cq0hNMEss9qE+Jr4fiU/V8/HU/VFrUn8rQ3sJ5vEST9RwRM hs+LPBn6dznCGQVF78+4O1/mI76LLSqwn0gqCEBZ5VvLLEovATYVnvn9K91/V5ikdy0m PHIewlEU+uEsezVRORrmi1ZkJHUhVPEP501P81U5exIcNEUwvhqahsDqcPuU9grOGAa7 TBww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649824; x=1691241824; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; b=WcfmKpqOA+vYe6vR9SLsfa/qQq4g2irLGPhpJcTUhcyu2pikZqDbzX1rcHg7zzN9ej QubZOEj4VoxVbh7RDnNRwOqBVyO6Nv9Ov65YM3I9ww5UkKQgJmrrPyZSdQfy0a7etkNA i28tNRSR5nv4Ezx8CQ/4QMoAF6MK3uCeHVPEvpFsHMkLuVv4bqL7qI4DEZjCZNBwdqTA +Cljh6m9dMfvxx0YgF8b6UzfcUArnWDWWTjHp6mMW6WlkPgPdjpo9i6r2ZzrjKsNtqwB IVQK/ohiHvIFRo6mLVRHLOaIn0wnxjGrcEm52KdXVkDYnr1ZXV8U+aVdXWyC9J6iiPdz B3CA== X-Gm-Message-State: ABy/qLaeC+dXvmDldtJriJpT1W/fvaa8gdvBKR0YnXAxfWgqaqiupQEs rXnVgDGaXhsRIHpTpTeyZqit/pZ6BjK0oPCB X-Received: by 2002:a17:906:51da:b0:992:4a1b:30e2 with SMTP id v26-20020a17090651da00b009924a1b30e2mr1598976ejk.7.1688649823591; Thu, 06 Jul 2023 06:23:43 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:43 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Cc: Paul Moore <paul@paul-moore.com>, Stephen Smalley <stephen.smalley.work@gmail.com>, Eric Paris <eparis@parisplace.org>, linux-kernel@vger.kernel.org Subject: [RFC PATCH 01/20] selinux: check for multiplication overflow in put_entry() Date: Thu, 6 Jul 2023 15:23:16 +0200 Message-Id: <20230706132337.15924-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678287627991301?= X-GMAIL-MSGID: =?utf-8?q?1770678287627991301?= |
Series |
[RFC,01/20] selinux: check for multiplication overflow in put_entry()
|
|
Commit Message
Christian Göttsche
July 6, 2023, 1:23 p.m. UTC
The function is always inlined and most of the time both relevant
arguments are compile time constants, allowing compilers to elide the
check. Also the function is part of outputting the policy, which is not
performance critical.
Also convert the type of the third parameter into a size_t, since it
should always be a non-negative number of elements.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
security/selinux/ss/policydb.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
On Jul 6, 2023 Gong Ruiqi <gongruiqi1@huawei.com> wrote: > > The function is always inlined and most of the time both relevant > arguments are compile time constants, allowing compilers to elide the > check. Also the function is part of outputting the policy, which is not > performance critical. > > Also convert the type of the third parameter into a size_t, since it > should always be a non-negative number of elements. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > security/selinux/ss/policydb.h | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) Merged into selinux/next, thanks. -- paul-moore.com
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 74b63ed1173f..6b4ad8e91265 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -366,9 +366,12 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) return 0; } -static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp) +static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp) { - size_t len = bytes * num; + size_t len; + + if (unlikely(check_mul_overflow(bytes, num, &len))) + return -EINVAL; if (len > fp->len) return -EINVAL;