mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

Remove aa_query_file_{path,link}_len wrappers

Browse Source 
The prefix can be done in higher-level languages via slicing and having an explicit length exposes an out-of-bounds memory read footgun to those higher level languages

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
This commit is contained in:
Ryan Lee 2024-10-04 10:06:06 -07:00
parent 53e3116350
commit a2df3143d1
2 changed files with 0 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libraries/libapparmor/swig/SWIG/libapparmor.i
View File

@ -350,15 +350,8 @@ extern int aa_getpeercon(int fd, char **label, char **mode);
#define AA_MAY_ONEXEC 0x20000000 #define AA_MAY_ONEXEC 0x20000000
#define AA_MAY_CHANGE_PROFILE 0x40000000 #define AA_MAY_CHANGE_PROFILE 0x40000000
extern int aa_query_file_path_len(uint32_t mask, const char *label,
size_t label_len, const char *path,
size_t path_len, int *allowed, int *audited);
extern int aa_query_file_path(uint32_t mask, const char *label, extern int aa_query_file_path(uint32_t mask, const char *label,
const char *path, int *allowed, int *audited); const char *path, int *allowed, int *audited);
extern int aa_query_link_path_len(const char *label, size_t label_len,
const char *target, size_t target_len,
const char *link, size_t link_len,
int *allowed, int *audited);
extern int aa_query_link_path(const char *label, const char *target, extern int aa_query_link_path(const char *label, const char *target,
const char *link, int *allowed, int *audited); const char *link, int *allowed, int *audited);

7
libraries/libapparmor/swig/python/test/test_python.py.in
View File

@ -135,9 +135,6 @@ class AAPythonBindingsTests(unittest.TestCase):
# extern int aa_getpeercon(int fd, char **label, char **mode); # extern int aa_getpeercon(int fd, char **label, char **mode);
# extern int aa_query_file_path_len(uint32_t mask, const char *label,
# size_t label_len, const char *path,
# size_t path_len, int *allowed, int *audited);
# extern int aa_query_file_path(uint32_t mask, const char *label, # extern int aa_query_file_path(uint32_t mask, const char *label,
# const char *path, int *allowed, int *audited); # const char *path, int *allowed, int *audited);
@unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled") @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
@ -146,10 +143,6 @@ class AAPythonBindingsTests(unittest.TestCase):
allowed, audited = libapparmor.aa_query_file_path(aa_query_mask, "unconfined", "/tmp/hello") allowed, audited = libapparmor.aa_query_file_path(aa_query_mask, "unconfined", "/tmp/hello")
self.assertTrue(allowed) self.assertTrue(allowed)
self.assertFalse(audited) self.assertFalse(audited)
# extern int aa_query_link_path_len(const char *label, size_t label_len,
# const char *target, size_t target_len,
# const char *link, size_t link_len,
# int *allowed, int *audited);
# extern int aa_query_link_path(const char *label, const char *target, # extern int aa_query_link_path(const char *label, const char *target,
# const char *link, int *allowed, int *audited); # const char *link, int *allowed, int *audited);