[RFC,01/20] selinux: check for multiplication overflow in put_entry()

Message ID 20230706132337.15924-1-cgzones@googlemail.com
State New
Headers
Series [RFC,01/20] selinux: check for multiplication overflow in put_entry() |

Commit Message

Christian Göttsche July 6, 2023, 1:23 p.m. UTC
  The function is always inlined and most of the time both relevant
arguments are compile time constants, allowing compilers to elide the
check.  Also the function is part of outputting the policy, which is not
performance critical.

Also convert the type of the third parameter into a size_t, since it
should always be a non-negative number of elements.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 security/selinux/ss/policydb.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
  

Comments

Paul Moore July 18, 2023, 10:01 p.m. UTC | #1
On Jul  6, 2023 Gong Ruiqi <gongruiqi1@huawei.com> wrote:
> 
> The function is always inlined and most of the time both relevant
> arguments are compile time constants, allowing compilers to elide the
> check.  Also the function is part of outputting the policy, which is not
> performance critical.
> 
> Also convert the type of the third parameter into a size_t, since it
> should always be a non-negative number of elements.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  security/selinux/ss/policydb.h | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Merged into selinux/next, thanks.

--
paul-moore.com
  

Patch

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 74b63ed1173f..6b4ad8e91265 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -366,9 +366,12 @@  static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
 	return 0;
 }
 
-static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp)
+static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp)
 {
-	size_t len = bytes * num;
+	size_t len;
+
+	if (unlikely(check_mul_overflow(bytes, num, &len)))
+		return -EINVAL;
 
 	if (len > fp->len)
 		return -EINVAL;