[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3c47940d-06e2-6c08-280c-76f7a365cf0b@canonical.com>
Date: Tue, 4 Oct 2022 02:52:03 -0700
From: John Johansen <john.johansen@...onical.com>
To: Muhammad Usama Anjum <usama.anjum@...labora.com>,
Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Cc: kernel@...labora.com, kernel-janitors@...r.kernel.org,
apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] apparmor: store return value of unpack_perms_table() to
signed variable
On 10/4/22 01:45, Muhammad Usama Anjum wrote:
> The unpack_perms_table() can return error which is negative value. Store
> the return value to a signed variable. policy->size is unsigned
> variable. It shouldn't be used to store the return status.
>
> Fixes: 2d6b2dea7f3c ("apparmor: add the ability for policy to specify a permission table")
> Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
yep, thanks I have pulled this in
Acked-by: john.johansen@...onical.com <john.johansen@...onical.com>
> ---
> security/apparmor/policy_unpack.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 45c9dfdc8e0d..09f316943951 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -734,14 +734,18 @@ static int unpack_pdb(struct aa_ext *e, struct aa_policydb *policy,
> {
> void *pos = e->pos;
> int i, flags, error = -EPROTO;
> + ssize_t size;
>
> - policy->size = unpack_perms_table(e, &policy->perms);
> - if (policy->size < 0) {
> - error = policy->size;
> + size = unpack_perms_table(e, &policy->perms);
> + if (size < 0) {
> + error = size;
> policy->perms = NULL;
> *info = "failed to unpack - perms";
> goto fail;
> - } else if (policy->perms) {
> + }
> + policy->size = size;
> +
> + if (policy->perms) {
> /* perms table present accept is index */
> flags = TO_ACCEPT1_FLAG(YYTD_DATA32);
> } else {
Powered by blists - more mailing lists