Commit b31d3f73 authored by Thorsten Blum's avatar Thorsten Blum Committed by John Johansen
Browse files

apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_init 

strcpy() is deprecated and sprintf() does not perform bounds checking
either. Although an overflow is unlikely, it's better to proactively
avoid it by using the safer strscpy() and scnprintf(), respectively.

Additionally, unify memory allocation for 'hname' to simplify and
improve aa_policy_init().

Closes: https://github.com/KSPP/linux/issues/88


Reviewed-by: default avatarSerge Hallyn <serge@hallyn.com>
Signed-off-by: default avatarThorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 7db8c3c7

security/apparmor/lib.c

+7 −9
Original line number Diff line number Diff line
@@ -478,19 +478,17 @@ bool aa_policy_init(struct aa_policy *policy, const char *prefix, 
		    const char *name, gfp_t gfp)

{

	char *hname;

	size_t hname_sz;



	hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1;

	/* freed by policy_free */

	if (prefix) {

		hname = aa_str_alloc(strlen(prefix) + strlen(name) + 3, gfp);

		if (hname)

			sprintf(hname, "%s//%s", prefix, name);

	} else {

		hname = aa_str_alloc(strlen(name) + 1, gfp);

		if (hname)

			strcpy(hname, name);

	}

	hname = aa_str_alloc(hname_sz, gfp);

	if (!hname)

		return false;

	if (prefix)

		scnprintf(hname, hname_sz, "%s//%s", prefix, name);

	else

		strscpy(hname, name, hname_sz);

	policy->hname = hname;

	/* base.name is a substring of fqname */

	policy->name = basename(policy->hname);