Use overflow-safe operator builtins
As a precaution as it does not hurt
Šī revīzija ir iekļauta:
vecāks
215032f32c
revīzija
8bc0d1e73a
24
qssb.h
24
qssb.h
@ -250,8 +250,8 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz
|
|||||||
if(remaining < bytes)
|
if(remaining < bytes)
|
||||||
{
|
{
|
||||||
size_t expandval = QSSB_ENTRY_ALLOC_SIZE > bytes ? QSSB_ENTRY_ALLOC_SIZE : bytes;
|
size_t expandval = QSSB_ENTRY_ALLOC_SIZE > bytes ? QSSB_ENTRY_ALLOC_SIZE : bytes;
|
||||||
size_t sizenew = entry->size + expandval;
|
size_t sizenew = 0;
|
||||||
if(sizenew < entry->size)
|
if(__builtin_add_overflow(entry->size, expandval, &sizenew))
|
||||||
{
|
{
|
||||||
QSSB_LOG_ERROR("overflow in qssb_entry_append\n");
|
QSSB_LOG_ERROR("overflow in qssb_entry_append\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
@ -273,7 +273,13 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz
|
|||||||
|
|
||||||
static int qssb_append_syscall(struct qssb_allocated_entry *entry, long *syscalls, size_t n)
|
static int qssb_append_syscall(struct qssb_allocated_entry *entry, long *syscalls, size_t n)
|
||||||
{
|
{
|
||||||
return qssb_entry_append(entry, syscalls, n * sizeof(long));
|
size_t bytes = 0;
|
||||||
|
if(__builtin_mul_overflow(n, sizeof(long), &bytes))
|
||||||
|
{
|
||||||
|
QSSB_LOG_ERROR("Overflow while trying to add system calls\n");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
return qssb_entry_append(entry, syscalls, bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int is_valid_syscall_policy(unsigned int policy)
|
static int is_valid_syscall_policy(unsigned int policy)
|
||||||
@ -749,6 +755,18 @@ static int qssb_enable_syscall_policy(struct qssb_policy *policy)
|
|||||||
long *syscalls = NULL;
|
long *syscalls = NULL;
|
||||||
size_t n = 0;
|
size_t n = 0;
|
||||||
get_syscall_array(current_policy, &syscalls, &n);
|
get_syscall_array(current_policy, &syscalls, &n);
|
||||||
|
|
||||||
|
unsigned short int newsize;
|
||||||
|
if(__builtin_add_overflow(current_filter_index, n, &newsize))
|
||||||
|
{
|
||||||
|
QSSB_LOG_ERROR("Overflow when trying to add new system calls\n");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
if(newsize > (sizeof(filter)/sizeof(filter[0]))-1)
|
||||||
|
{
|
||||||
|
QSSB_LOG_ERROR("Too many system calls added\n");
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
append_syscalls_to_bpf(syscalls, n, current_policy->policy, filter, ¤t_filter_index);
|
append_syscalls_to_bpf(syscalls, n, current_policy->policy, filter, ¤t_filter_index);
|
||||||
current_policy = current_policy->next;
|
current_policy = current_policy->next;
|
||||||
}
|
}
|
||||||
|
Notiek ielāde…
Atsaukties uz šo jaunā problēmā
Block a user