Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: replace sprintf with snprintf in aa_new_learning_profile
Replace unbounded sprintf() calls with snprintf() to prevent potential
buffer overflows in aa_new_learning_profile(). While the current code
works correctly, snprintf() is safer and follows secure coding best
practices. No functional changes.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: John Johansen <john.johansen@canonical.com>
authored by
Thorsten Blum
and committed by
John Johansen
7db8c3c7
8f0b4cce
+9
-6
+9
-6
security/apparmor/policy.c
+9
-6
security/apparmor/policy.c
···
697
697
struct aa_profile *p, *profile;
698
698
const char *bname;
699
699
char *name = NULL;
700
+
size_t name_sz;
700
701
701
702
AA_BUG(!parent);
702
703
703
704
if (base) {
704
-
name = kmalloc(strlen(parent->base.hname) + 8 + strlen(base),
705
-
gfp);
705
+
name_sz = strlen(parent->base.hname) + 8 + strlen(base);
706
+
name = kmalloc(name_sz, gfp);
706
707
if (name) {
707
-
sprintf(name, "%s//null-%s", parent->base.hname, base);
708
+
snprintf(name, name_sz, "%s//null-%s",
709
+
parent->base.hname, base);
708
710
goto name;
709
711
}
710
712
/* fall through to try shorter uniq */
711
713
}
712
714
713
-
name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, gfp);
715
+
name_sz = strlen(parent->base.hname) + 2 + 7 + 8;
716
+
name = kmalloc(name_sz, gfp);
714
717
if (!name)
715
718
return NULL;
716
-
sprintf(name, "%s//null-%x", parent->base.hname,
717
-
atomic_inc_return(&parent->ns->uniq_null));
719
+
snprintf(name, name_sz, "%s//null-%x", parent->base.hname,
720
+
atomic_inc_return(&parent->ns->uniq_null));
718
721
719
722
name:
720
723
/* lookup to see if this is a dup creation */