From 8bc0d1e73aadad5bf002ea762b46a10b70d54e05 Mon Sep 17 00:00:00 2001 From: Albert S Date: Sun, 12 Sep 2021 19:41:07 +0200 Subject: [PATCH] Use overflow-safe operator builtins As a precaution as it does not hurt --- qssb.h | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/qssb.h b/qssb.h index a27e2a5..f9f3cc2 100644 --- a/qssb.h +++ b/qssb.h @@ -250,8 +250,8 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz if(remaining < bytes) { size_t expandval = QSSB_ENTRY_ALLOC_SIZE > bytes ? QSSB_ENTRY_ALLOC_SIZE : bytes; - size_t sizenew = entry->size + expandval; - if(sizenew < entry->size) + size_t sizenew = 0; + if(__builtin_add_overflow(entry->size, expandval, &sizenew)) { QSSB_LOG_ERROR("overflow in qssb_entry_append\n"); return -EINVAL; @@ -273,7 +273,13 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz static int qssb_append_syscall(struct qssb_allocated_entry *entry, long *syscalls, size_t n) { - return qssb_entry_append(entry, syscalls, n * sizeof(long)); + size_t bytes = 0; + if(__builtin_mul_overflow(n, sizeof(long), &bytes)) + { + QSSB_LOG_ERROR("Overflow while trying to add system calls\n"); + return -EINVAL; + } + return qssb_entry_append(entry, syscalls, bytes); } static int is_valid_syscall_policy(unsigned int policy) @@ -749,6 +755,18 @@ static int qssb_enable_syscall_policy(struct qssb_policy *policy) long *syscalls = NULL; size_t n = 0; get_syscall_array(current_policy, &syscalls, &n); + + unsigned short int newsize; + if(__builtin_add_overflow(current_filter_index, n, &newsize)) + { + QSSB_LOG_ERROR("Overflow when trying to add new system calls\n"); + return -EINVAL; + } + if(newsize > (sizeof(filter)/sizeof(filter[0]))-1) + { + QSSB_LOG_ERROR("Too many system calls added\n"); + return -EINVAL; + } append_syscalls_to_bpf(syscalls, n, current_policy->policy, filter, ¤t_filter_index); current_policy = current_policy->next; }