mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

parser: fix integer overflow bug in rule priority comparisons

There is an integer overflow when comparing priorities when cmp is
used because it uses subtraction to find less than, equal, and greater
than in one operation.

But INT_MAX and INT_MIN are being used by priorities and this results
in INT_MAX - INT_MIN and INT_MIN - INT_MAX which are both overflows
causing an incorrect comparison result and selection of the wrong
rule permission.

Closes: https://gitlab.com/apparmor/apparmor/-/issues/452
Fixes: e3fca60d1 ("parser: add the ability to specify a priority prefix to rules")
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2024-08-15 13:22:19 -07:00
parent 8d6270e1fe
commit e2d55844a2
7 changed files with 46 additions and 15 deletions
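The commit message explains the defect without showing it: a three-way compare implemented as `a - b` wraps when the operands are INT_MAX and INT_MIN, and the wrapped sign then selects the wrong rule. The program below is an added illustration, not code from the AppArmor parser; the `struct rule`, `cmp_by_subtraction`, `cmp_three_way` and `winning_perms` names are constructed for this example. Because signed overflow is undefined behaviour in C, the subtraction is performed in unsigned arithmetic so the two's-complement wrap-around is deterministic and observable; the safe variant uses only comparisons and never overflows.

```c
#include <limits.h>
#include <stdio.h>

/* Cut-down stand-in for a rule carrying a priority and a permission mask.
 * Constructed for this example; not the parser's own rule type. */
struct rule {
    int priority;
    unsigned int perms;
};

/* The pattern the commit describes: deriving <, ==, > from one subtraction.
 * Done in unsigned arithmetic so the wrap-around is well defined and the
 * result is the same as a wrapping signed subtraction on two's-complement. */
int cmp_by_subtraction(int a, int b)
{
    return (int)((unsigned int)a - (unsigned int)b);
}

/* Overflow-free three-way compare: comparisons only, no arithmetic. */
int cmp_three_way(int a, int b)
{
    return (a > b) - (a < b);
}

/* Return the permissions of whichever rule the comparator ranks higher
 * (ties go to x). */
unsigned int winning_perms(int (*cmp)(int, int),
                           const struct rule *x, const struct rule *y)
{
    return cmp(x->priority, y->priority) >= 0 ? x->perms : y->perms;
}

/* Returns 1 when the subtraction-based comparator selects a different rule
 * than the safe one for the INT_MAX / INT_MIN pair named in the commit. */
int subtraction_cmp_misorders_extremes(void)
{
    struct rule high = { INT_MAX, 0x1u };  /* should always win */
    struct rule low  = { INT_MIN, 0x2u };
    return winning_perms(cmp_by_subtraction, &high, &low)
        != winning_perms(cmp_three_way, &high, &low);
}

int main(void)
{
    printf("INT_MAX vs INT_MIN: subtraction=%d three-way=%d\n",
           cmp_by_subtraction(INT_MAX, INT_MIN), cmp_three_way(INT_MAX, INT_MIN));
    printf("INT_MIN vs INT_MAX: subtraction=%d three-way=%d\n",
           cmp_by_subtraction(INT_MIN, INT_MAX), cmp_three_way(INT_MIN, INT_MAX));
    printf("wrong rule selected by subtraction cmp: %s\n",
           subtraction_cmp_misorders_extremes() ? "yes" : "no");
    return 0;
}
```

With INT_MAX and INT_MIN the wrapped difference has the opposite sign in both directions, so the rule with the lowest possible priority is ranked above the rule with the highest. The `(a > b) - (a < b)` form is the usual replacement: it yields -1, 0 or 1 for every pair of `int` values, including the extremes the parser reserves internally.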


@@ -53,12 +53,6 @@ using namespace std;
*/
extern int parser_token;
/* Arbitrary max and minimum priority that userspace can specify, internally
* we handle up to INT_MAX and INT_MIN. Do not ever allow INT_MAX, see
* note on mediates_priority
*/
#define MAX_PRIORITY 1000
#define MIN_PRIORITY -1000
#define WARN_RULE_NOT_ENFORCED 0x1
#define WARN_RULE_DOWNGRADED 0x2
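Review bot: The comment "internally we handle up to INT_MAX and INT_MIN" sits right next to the range definitions but says nothing about how those extremes may be compared, and the commit message shows that a subtraction-based cmp on exactly these values is what overflowed; wherever the MAX_PRIORITY/MIN_PRIORITY defines and the "Do not ever allow INT_MAX, see note on mediates_priority" remark end up after this hunk, the comment should also state that priority comparisons must use a three-way compare rather than `a - b`, so the invariant is documented beside the range it protects. Also note that the rendered hunk has lost its `-` markers, so the six lines the `@@ -53,12 +53,6 @@` header reports as removed cannot be distinguished from context here; anyone reviewing from this page should check the raw diff to confirm which of the twelve lines are actually deleted.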