]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
audit: fix potential integer overflow in audit_log_n_hex()
authorRicardo Robaina <rrobaina@redhat.com>
Thu, 2 Jul 2026 14:04:11 +0000 (11:04 -0300)
committerPaul Moore <paul@paul-moore.com>
Wed, 8 Jul 2026 18:22:14 +0000 (14:22 -0400)
commit65dfde57d1e29ce2b76fc23dd565eccd5c0bc0f0
tree05e6547ef53c00bab8270a177bf7129fe85c8f02
parentc9a71daaecb2fb1d8c704545cc0b1c920b9bf5d7
audit: fix potential integer overflow in audit_log_n_hex()

The function calculates new_len as len << 1 for hex encoding. This
has two overflow risks: the shift itself can overflow when len is
large, and the result can be truncated when assigned to new_len
(declared as int) from the size_t calculation.

Fix by using check_shl_overflow() to catch shift overflow and
changing new_len and loop counter i to size_t to prevent truncation.

Cc: stable@vger.kernel.org
Fixes: 168b7173959f ("AUDIT: Clean up logging of untrusted strings")
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
[PM: remove vertical whitspace noise]
Signed-off-by: Paul Moore <paul@paul-moore.com>
kernel/audit.c