mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-05 16:55:32 +00:00
Code Issues Releases Wiki Activity

Subject: libapparmor: Safeguard aa_getpeercon buffer reallocation

Browse Source 
Protect against bugs in AppArmor's getsockopt() LSM hook from sending
aa_getpeercon() into an infinite loop.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen
2013-06-25 15:52:15 -07:00
committed by Tyler Hicks
parent 887c0a9a44
commit b6c9a7623a
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libraries/libapparmor/src/kernel_interface.c
View File

@@ -599,7 +599,7 @@ out:
*/
int aa_getpeercon(int fd, char **con)
{
int rc, size = INITIAL_GUESS_SIZE;
int rc, last_size, size = INITIAL_GUESS_SIZE;
char *buffer = NULL;
if (!con) {
@@ -608,13 +608,15 @@ int aa_getpeercon(int fd, char **con)
}
do {
last_size = size;
buffer = realloc(buffer, size);
if (!buffer)
return -1;
memset(buffer, 0, size);
rc = aa_getpeercon_raw(fd, buffer, &size);
} while (rc == -1 && errno == ERANGE);
/* size should contain actual size needed if errno == ERANGE */
} while (rc == -1 && errno == ERANGE && size > last_size);
if (rc == -1) {
free(buffer);