From f6df1c75166ca913b89ea55dbc3419c4da5331b9 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Tue, 19 May 2015 21:20:37 -0500 Subject: [PATCH] libapparmor: Clean up confinement context's unconfined check Use the passed in confinement context string size to improve the comparison by only doing the string comparison if the size matches and removing the possibility of reading past the end of the buffer. Signed-off-by: Tyler Hicks Acked-by: Seth Arnold --- libraries/libapparmor/src/kernel.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c index 14593b732..b1670503f 100644 --- a/libraries/libapparmor/src/kernel.c +++ b/libraries/libapparmor/src/kernel.c @@ -43,6 +43,9 @@ #define default_symbol_version(real, name, version) \ __asm__ (".symver " #real "," #name "@@" #version) +#define UNCONFINED "unconfined" +#define UNCONFINED_SIZE strlen(UNCONFINED) + /** * aa_find_mountpoint - find where the apparmor interface filesystem is mounted * @mnt: returns buffer with the mountpoint string @@ -151,6 +154,19 @@ static char *procattr_path(pid_t pid, const char *attr) return NULL; } +/** + * parse_unconfined - check for the unconfined label + * @con: the confinement context + * @size: size of the confinement context (not including the NUL terminator) + * + * Returns: True if the con is the unconfined label or false otherwise + */ +static bool parse_unconfined(char *con, int size) +{ + return size == UNCONFINED_SIZE && + strncmp(con, UNCONFINED, UNCONFINED_SIZE) == 0; +} + /** * parse_confinement_mode - get the mode from the confinement context * @con: the confinement context @@ -163,8 +179,7 @@ static char *procattr_path(pid_t pid, const char *attr) */ static char *parse_confinement_mode(char *con, int size) { - if (strcmp(con, "unconfined") != 0 && - size > 3 && con[size - 1] == ')') { + if (!parse_unconfined(con, size) && size > 3 && con[size - 1] == ')') { int pos = size - 2; while (pos > 0 && !(con[pos] == ' ' && con[pos + 1] == '('))