crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

author Thorsten Blum <thorsten.blum@linux.dev>

Mon, 13 Oct 2025 11:40:10 +0000 (13:40 +0200)

committer Herbert Xu <herbert@gondor.apana.org.au>

Thu, 23 Oct 2025 04:55:42 +0000 (12:55 +0800)
author Thorsten Blum <thorsten.blum@linux.dev>
Mon, 13 Oct 2025 11:40:10 +0000 (13:40 +0200)
committer Herbert Xu <herbert@gondor.apana.org.au>
Thu, 23 Oct 2025 04:55:42 +0000 (12:55 +0800)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c

index ba2d9d1ea235a7133131397d3ab496cf9eb597e2..348966ea2175c9f470a7c87f1906f4d3747743c1 100644 (file)
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -11,6 +11,7 @@
  #include <crypto/public_key.h>
  #include <linux/seq_file.h>
  #include <linux/module.h>
+#include <linux/overflow.h>
  #include <linux/slab.h>
  #include <linux/ctype.h>
  #include <keys/system_keyring.h>
@@ -141,12 +142,17 @@ struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
                                                      size_t len_2)
  {
         struct asymmetric_key_id *kid;
-
-       kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
-                     GFP_KERNEL);
+       size_t kid_sz;
+       size_t len;
+
+       if (check_add_overflow(len_1, len_2, &len))
+               return ERR_PTR(-EOVERFLOW);
+       if (check_add_overflow(sizeof(struct asymmetric_key_id), len, &kid_sz))
+               return ERR_PTR(-EOVERFLOW);
+       kid = kmalloc(kid_sz, GFP_KERNEL);
         if (!kid)
                 return ERR_PTR(-ENOMEM);
-       kid->len = len_1 + len_2;
+       kid->len = len;
         memcpy(kid->data, val_1, len_1);
         memcpy(kid->data + len_1, val_2, len_2);
         return kid;
author	Thorsten Blum <thorsten.blum@linux.dev>
	Mon, 13 Oct 2025 11:40:10 +0000 (13:40 +0200)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Thu, 23 Oct 2025 04:55:42 +0000 (12:55 +0800)