| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Apr 2007 11:28:52 +0100
From: Alan Cox <alan@...rguk.ukuu.org.uk>
To: jjohansen@...e.de
Cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, chrisw@...s-sol.org,
John Johansen <jjohansen@...e.de>,
Andreas Gruenbacher <agruen@...e.de>
Subject: Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation,
pathname matching
> + th.td_id = ntohs(*(u16 *) (blob));
> + th.td_flags = ntohs(*(u16 *) (blob + 2));
> + th.td_lolen = ntohl(*(u32 *) (blob + 8));
Use cpu_to and _to_cpu functions for here so it is clear the intended
direction and endianness.
> +
> +static inline int aa_inbounds(struct aa_ext *e, size_t size)
> +{
> + return (e->pos + size <= e->end);
> +}
Can e->pos + size ever overflow. If so this check isn't safe.
> + * aa_unpack_profile - unpack a serialized profile
> + * @e: serialized data extent information
> + * @error: error code returned if unpacking fails
> + */
> +static struct aa_profile *aa_unpack_profile(struct aa_ext *e)
> +{
> + struct aa_profile *profile = NULL;
> +
> + /* get optional subprofiles */
> + if (aa_is_nameX(e, AA_LIST, "hats")) {
> + while (!aa_is_nameX(e, AA_LISTEND, NULL)) {
> + struct aa_profile *subprofile;
> + subprofile = aa_unpack_profile(e);
> + if (IS_ERR(subprofile)) {
What bounds recursion here on invalid input ?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists