selinux: check for multiplication overflow in put_entry()

The function is always inlined and most of the time both relevant arguments are compile time constants, allowing compilers to elide the check. Also the function is part of outputting the policy, which is not performance critical. Also convert the type of the third parameter into a size_t, since it should always be a non-negative number of elements. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Christian Göttsche <cgzones@googlemail.com> 2023-07-06 15:23:16 +0200
committer: Paul Moore <paul@paul-moore.com> 2023-07-18 18:29:46 -0400
commit: bbea03f474850b3bce329aa3b990b1a4853136f0 (patch)
tree: 1c6577b8697befb5b1ffc7d384de0ae2d3c32fbc /security
parent: 5b0eea835d4e9cb5229e696c5763929fc2394f39 (diff)
download: linux-bbea03f474850b3bce329aa3b990b1a4853136f0.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 74b63ed1173fc..6b4ad8e912651 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -366,9 +366,12 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
 	return 0;
 }
 
-static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp)
+static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp)
 {
-	size_t len = bytes * num;
+	size_t len;
+
+	if (unlikely(check_mul_overflow(bytes, num, &len)))
+		return -EINVAL;
 
 	if (len > fp->len)
 		return -EINVAL;
author	Christian Göttsche <cgzones@googlemail.com>	2023-07-06 15:23:16 +0200
committer	Paul Moore <paul@paul-moore.com>	2023-07-18 18:29:46 -0400
commit	bbea03f474850b3bce329aa3b990b1a4853136f0 (patch)
tree	1c6577b8697befb5b1ffc7d384de0ae2d3c32fbc /security
parent	5b0eea835d4e9cb5229e696c5763929fc2394f39 (diff)
download	linux-bbea03f474850b3bce329aa3b990b1a4853136f0.tar.gz