Commit 7db8c3c7 authored by Thorsten Blum's avatar Thorsten Blum Committed by John Johansen
Browse files

apparmor: replace sprintf with snprintf in aa_new_learning_profile 



Replace unbounded sprintf() calls with snprintf() to prevent potential
buffer overflows in aa_new_learning_profile(). While the current code
works correctly, snprintf() is safer and follows secure coding best
practices.  No functional changes.

Signed-off-by: default avatarThorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 8f0b4cce

security/apparmor/policy.c

+9 −6
Original line number Diff line number Diff line
@@ -697,23 +697,26 @@ struct aa_profile *aa_new_learning_profile(struct aa_profile *parent, bool hat, 
	struct aa_profile *p, *profile;

	const char *bname;

	char *name = NULL;

	size_t name_sz;



	AA_BUG(!parent);



	if (base) {

		name = kmalloc(strlen(parent->base.hname) + 8 + strlen(base),

			       gfp);

		name_sz = strlen(parent->base.hname) + 8 + strlen(base);

		name = kmalloc(name_sz, gfp);

		if (name) {

			sprintf(name, "%s//null-%s", parent->base.hname, base);

			snprintf(name, name_sz, "%s//null-%s",

				 parent->base.hname, base);

			goto name;

		}

		/* fall through to try shorter uniq */

	}



	name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, gfp);

	name_sz = strlen(parent->base.hname) + 2 + 7 + 8;

	name = kmalloc(name_sz, gfp);

	if (!name)

		return NULL;

	sprintf(name, "%s//null-%x", parent->base.hname,

	snprintf(name, name_sz, "%s//null-%x", parent->base.hname,

		 atomic_inc_return(&parent->ns->uniq_null));



name: