104 lines
3.1 KiB
Diff
104 lines
3.1 KiB
Diff
|
From 0744fa4f533c765d0a704fe8aa7174a0f93eb7bc Mon Sep 17 00:00:00 2001
|
||
|
From: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||
|
Date: Thu, 22 Apr 2021 08:46:04 +0200
|
||
|
Subject: [PATCH] libsepol: use checked arithmetic builtin to perform safe
|
||
|
addition
|
||
|
|
||
|
Checking whether an overflow occurred after adding two values can be
|
||
|
achieved using checked arithmetic builtin functions such as:
|
||
|
|
||
|
bool __builtin_add_overflow(type1 x, type2 y, type3 *sum);
|
||
|
|
||
|
This function is available at least in clang
|
||
|
(at least since clang 3.8.0,
|
||
|
https://releases.llvm.org/3.8.0/tools/clang/docs/LanguageExtensions.html#checked-arithmetic-builtins)
|
||
|
and gcc
|
||
|
(https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html,
|
||
|
since gcc 5 according to https://gcc.gnu.org/gcc-5/changes.html)
|
||
|
|
||
|
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||
|
---
|
||
|
libsepol/src/context_record.c | 29 ++++++-----------------------
|
||
|
libsepol/src/module_to_cil.c | 6 ++----
|
||
|
2 files changed, 8 insertions(+), 27 deletions(-)
|
||
|
|
||
|
diff --git a/libsepol/src/context_record.c b/libsepol/src/context_record.c
|
||
|
index 317a42133884..435f788058c4 100644
|
||
|
--- a/libsepol/src/context_record.c
|
||
|
+++ b/libsepol/src/context_record.c
|
||
|
@@ -267,31 +267,13 @@ int sepol_context_from_string(sepol_handle_t * handle,
|
||
|
return STATUS_ERR;
|
||
|
}
|
||
|
|
||
|
-
|
||
|
-static inline int safe_sum(size_t *sum, const size_t augends[], const size_t cnt) {
|
||
|
-
|
||
|
- size_t a, i;
|
||
|
-
|
||
|
- *sum = 0;
|
||
|
- for(i=0; i < cnt; i++) {
|
||
|
- /* sum should not be smaller than the addend */
|
||
|
- a = augends[i];
|
||
|
- *sum += a;
|
||
|
- if (*sum < a) {
|
||
|
- return i;
|
||
|
- }
|
||
|
- }
|
||
|
-
|
||
|
- return 0;
|
||
|
-}
|
||
|
-
|
||
|
int sepol_context_to_string(sepol_handle_t * handle,
|
||
|
const sepol_context_t * con, char **str_ptr)
|
||
|
{
|
||
|
|
||
|
int rc;
|
||
|
char *str = NULL;
|
||
|
- size_t total_sz, err;
|
||
|
+ size_t total_sz = 0, i;
|
||
|
const size_t sizes[] = {
|
||
|
strlen(con->user), /* user length */
|
||
|
strlen(con->role), /* role length */
|
||
|
@@ -300,10 +282,11 @@ int sepol_context_to_string(sepol_handle_t * handle,
|
||
|
((con->mls) ? 3 : 2) + 1 /* mls has extra ":" also null byte */
|
||
|
};
|
||
|
|
||
|
- err = safe_sum(&total_sz, sizes, ARRAY_SIZE(sizes));
|
||
|
- if (err) {
|
||
|
- ERR(handle, "invalid size, overflow at position: %zu", err);
|
||
|
- goto err;
|
||
|
+ for (i = 0; i < ARRAY_SIZE(sizes); i++) {
|
||
|
+ if (__builtin_add_overflow(total_sz, sizes[i], &total_sz)) {
|
||
|
+ ERR(handle, "invalid size, overflow at position: %zu", i);
|
||
|
+ goto err;
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
str = (char *)malloc(total_sz);
|
||
|
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
|
||
|
index 58df0d4f6d77..496693f4616e 100644
|
||
|
--- a/libsepol/src/module_to_cil.c
|
||
|
+++ b/libsepol/src/module_to_cil.c
|
||
|
@@ -1134,16 +1134,14 @@ static int name_list_to_string(char **names, unsigned int num_names, char **stri
|
||
|
char *strpos;
|
||
|
|
||
|
for (i = 0; i < num_names; i++) {
|
||
|
- len += strlen(names[i]);
|
||
|
- if (len < strlen(names[i])) {
|
||
|
+ if (__builtin_add_overflow(len, strlen(names[i]), &len)) {
|
||
|
log_err("Overflow");
|
||
|
return -1;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// add spaces + null terminator
|
||
|
- len += num_names;
|
||
|
- if (len < (size_t)num_names) {
|
||
|
+ if (__builtin_add_overflow(len, (size_t)num_names, &len)) {
|
||
|
log_err("Overflow");
|
||
|
return -1;
|
||
|
}
|
||
|
--
|
||
|
2.32.0
|
||
|
|