Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_init

strcpy() is deprecated and sprintf() does not perform bounds checking
either. Although an overflow is unlikely, it's better to proactively
avoid it by using the safer strscpy() and scnprintf(), respectively.

Additionally, unify memory allocation for 'hname' to simplify and
improve aa_policy_init().

Closes: https://github.com/KSPP/linux/issues/88
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: John Johansen <john.johansen@canonical.com>

authored by Thorsten Blum and committed by John Johansen
b31d3f73 7db8c3c7

+7 -9
security/apparmor/lib.c
··· 478 478 const char *name, gfp_t gfp) 479 479 { 480 480 char *hname; 481 + size_t hname_sz; 481 482 483 + hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1; 482 484 /* freed by policy_free */ 483 - if (prefix) { 484 - hname = aa_str_alloc(strlen(prefix) + strlen(name) + 3, gfp); 485 - if (hname) 486 - sprintf(hname, "%s//%s", prefix, name); 487 - } else { 488 - hname = aa_str_alloc(strlen(name) + 1, gfp); 489 - if (hname) 490 - strcpy(hname, name); 491 - } 485 + hname = aa_str_alloc(hname_sz, gfp); 492 486 if (!hname) 493 487 return false; 488 + if (prefix) 489 + scnprintf(hname, hname_sz, "%s//%s", prefix, name); 490 + else 491 + strscpy(hname, name, hname_sz); 494 492 policy->hname = hname; 495 493 /* base.name is a substring of fqname */ 496 494 policy->name = basename(policy->hname);
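Review bot: the size expression in `hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1;` carries two unexplained constants, and the return values of scnprintf() and strscpy() in the new if/else are discarded, so nothing in the code records that truncation cannot happen here. A short comment stating that the + 2 is the "//" separator and the + 1 is the terminating NUL would document the invariant the bounded calls depend on. If the format string is later changed without updating the size, scnprintf() will truncate hname with no signal to the caller, so consider checking the strscpy() result (negative on truncation) or warning once on a short write. The total matches the removed strlen(prefix) + strlen(name) + 3 and strlen(name) + 1 allocations, so the buffer size itself is unchanged by the unification.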