From: GUO Zihua <guozihua@huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5H61R CVE: NA -------------------------------- pgp_key_generate_id() is trying get the size of a flexible length structure, however the sizeof() is called on the pointer itself. Besides, considering it's trying to get the size of a flexible length structure, use struct_size() instead. Fixes: 4006f47d4e21 ("KEYS: PGP data parser") Signed-off-by: GUO Zihua <guozihua@huawei.com> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- crypto/asymmetric_keys/pgp_public_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/pgp_public_key.c b/crypto/asymmetric_keys/pgp_public_key.c index 98b1707a0164..928029a13435 100644 --- a/crypto/asymmetric_keys/pgp_public_key.c +++ b/crypto/asymmetric_keys/pgp_public_key.c @@ -283,7 +283,8 @@ static struct asymmetric_key_ids *pgp_key_generate_id( goto error; kids->id[0] = kid; - kids->id[1] = kmemdup(kid, sizeof(kid) + fingerprint_len, GFP_KERNEL); + kids->id[1] = kmemdup(kid, struct_size(kid, data, fingerprint_len), + GFP_KERNEL); if (!kids->id[1]) goto error; -- 2.20.1