mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

libapparmor: fix api of aa_getpeercon_raw to use unsigned len param

Browse Source 
The len parameter returns a value that correlates to a getsockopt
parameter which is typed to socklen_t which is an unsigned int.

This technically changes the fn() api but old code using this is
already broken if the getsockopt parameter is large enough to overflow
the value.

In reality what is returned shouldn't ever be negative and the value
should never be large enough to trip the overflow. This is just
cleaning up a corner case.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/561                  Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
John Johansen 2020-06-03 01:07:26 -07:00
parent 82b14bd472
commit cdda6ba57b
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libraries/libapparmor/include/sys/apparmor.h
View File

@ -20,6 +20,7 @@
#include <stdbool.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef __cplusplus
@ -93,7 +94,7 @@ extern int aa_getprocattr(pid_t tid, const char *attr, char **label,
char **mode);
extern int aa_gettaskcon(pid_t target, char **label, char **mode);
extern int aa_getcon(char **label, char **mode);
extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
extern int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode);
extern int aa_getpeercon(int fd, char **label, char **mode);
/* A NUL character is used to separate the query command prefix string from the

9
libraries/libapparmor/src/kernel.c
View File

@ -797,7 +797,7 @@ int aa_getcon(char **label, char **mode)
* Returns: length of confinement context including null termination or -1 on
* error if errno == ERANGE then @len will hold the size needed
*/
int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode)
int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode)
{
socklen_t optlen;
int rc;
@ -806,7 +806,7 @@ int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode)
errno = EINVAL;
return -1;
}
optlen = (socklen_t) *len;
optlen = *len;
if (!is_enabled()) {
errno = EINVAL;
@ -821,7 +821,7 @@ int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode)
/* check for null termination */
if (buf[optlen - 1] != 0) {
if (optlen < (socklen_t) *len) {
if (optlen < *len) {
buf[optlen] = 0;
optlen++;
} else {
@ -862,7 +862,8 @@ out:
*/
int aa_getpeercon(int fd, char **label, char **mode)
{
int rc, last_size, size = INITIAL_GUESS_SIZE;
socklen_t last_size, size = INITIAL_GUESS_SIZE;
int rc;
char *buffer = NULL;
if (!label) {