summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGustavo A. R. Silva <gustavoars@kernel.org>2021-09-30 00:05:26 +0200
committerJohn Johansen <john.johansen@canonical.com>2021-11-03 23:57:19 +0100
commitf4a2d282cca57607a0d6718fafa1ab2d62703254 (patch)
tree16fb63da1fc76313944707c9be9061f218f81c3c
parentapparmor: fix zero-length compiler warning in AA_BUG() (diff)
downloadlinux-f4a2d282cca57607a0d6718fafa1ab2d62703254.tar.xz
linux-f4a2d282cca57607a0d6718fafa1ab2d62703254.zip
apparmor: Use struct_size() helper in kzalloc()
Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/label.c3
-rw-r--r--security/apparmor/policy.c3
2 files changed, 2 insertions, 4 deletions
diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index f5eb9ac07e9b..1c89b056337b 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -424,8 +424,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
AA_BUG(size < 1);
/* + 1 for null terminator entry on vec */
- new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1),
- gfp);
+ new = kzalloc(struct_size(new, vec, size + 1), gfp);
AA_DEBUG("%s (%p)\n", __func__, new);
if (!new)
goto fail;
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 4da4f3df9d4a..76cc1949c66f 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -259,8 +259,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
struct aa_profile *profile;
/* freed by free_profile - usually through aa_put_profile */
- profile = kzalloc(sizeof(*profile) + sizeof(struct aa_profile *) * 2,
- gfp);
+ profile = kzalloc(struct_size(profile, label.vec, 2), gfp);
if (!profile)
return NULL;