Re: [PATCH -next] fs-verity: Use struct_size() helper in enable_verity()

[Eric Biggers]

On Wed, May 18, 2022 at 02:13:09PM +0800, Zhang Jianhua wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows
> that, in the worst scenario, could lead to heap overflows.
> 
> Also, address the following sparse warnings:
> fs/verity/enable.c:205:28: warning: using sizeof on a flexible structure
> 
> Signed-off-by: Zhang Jianhua <chris.zjh@xxxxxxxxxx>
> ---
>  fs/verity/enable.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/verity/enable.c b/fs/verity/enable.c
> index f75d2c010f36..075dc0aa5416 100644
> --- a/fs/verity/enable.c
> +++ b/fs/verity/enable.c
> @@ -201,7 +201,7 @@ static int enable_verity(struct file *filp,
>  	const struct fsverity_operations *vops = inode->i_sb->s_vop;
>  	struct merkle_tree_params params = { };
>  	struct fsverity_descriptor *desc;
> -	size_t desc_size = sizeof(*desc) + arg->sig_size;
> +	size_t desc_size = struct_size(desc, signature, arg->sig_size);
>  	struct fsverity_info *vi;
>  	int err;

This patch is a bit more useful than the other one, as the validation of
->sig_size happens in a different function.  But it still happens.  So please
don't claim that this patch is fixing a heap overflow.  People use commit
messages to determine whether patches are fixing something, and how important
the fix is.  So if it's a cleanup (not a bug fix), write that.

- Eric