[apparmor] [PATCH 3/5] Library interface for tasks introspecting confinement.

John Johansen john.johansen at canonical.com
Fri Jul 22 20:59:37 UTC 2011


On 07/22/2011 07:36 AM, Kees Cook wrote:
> On Thu, Jul 21, 2011 at 01:40:58PM -0700, John Johansen wrote:
>> +int aa_getpeercon_raw(int fd, char *buffer, int *size)
>> +{
>> +	socklen_t optlen = *size;
>> +	int rc = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buffer,&optlen);
>> +	if (rc == -1)
>> +		goto out;
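
Review bot: `socklen_t optlen = *size;` dereferences `size` and converts a signed int to an unsigned length with no validation, so a NULL `size` crashes and a negative `*size` reaches getsockopt() as a very large buffer length. Reject `!buffer || !size || *size <= 0` with errno set to EINVAL before the assignment, so the kernel is never told the buffer is larger than it is.
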
>
> This should check size and *size>0 before assigning optlen, otherwise we
> run a risk of blowing up on the buffer[optlen-1] check. Should check
> for buffer!=NULL too.
>
right

>> +	/* check for null termination */
>> +	if (buffer[optlen - 1] != 0) {
>> +		if (optlen<  *size) {
>> +			buffer[optlen] = 0;
>> +			optlen++;
>> +		} else {
>> +			/* buffer needs to be bigger by 1 */
>> +			rc = -1;
>> +			errno = ERANGE;
>> +			optlen++;
>> +		}
>> +	}
>> +out:
>> +	*size = optlen;
>> +	return rc;
>> +}
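
Review bot: `buffer[optlen - 1]` in the termination check indexes with an unsigned `optlen`, so if getsockopt() succeeds and reports a length of 0 the subtraction wraps and the read lands far outside the buffer. Handle `optlen == 0` explicitly before the check, and make the `optlen < *size` comparison same-signed, since it currently mixes socklen_t with int. In the else branch the buffer is left holding an unterminated label while rc is -1; a comment saying the contents must not be used as a string in that case would help callers of the raw function.
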
>
>> +int aa_getpeercon(int fd, char **con)
>> +{
>> +	int rc, size = INITIAL_GUESS_SIZE;
>
> Check for con != NULL here?
yeah

>
>> +	char *buffer = NULL;
>> +
>> +	do {
>> +		buffer = realloc(buffer, size);
>> +		if (!buffer)
>> +			return -1;
>> +		memset(buffer, 0, size);
>> +
>> +		rc = aa_getpeercon_raw(fd, buffer,&size);
>> +	} while (rc == -1&&  errno == ERANGE);
>> +
>> +	if (rc == -1) {
>> +		free(buffer);
>> +		size = -1;
>> +	} else
>> +		*con = buffer;
>> +
>> +	return size;
>> +}
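
Review bot: `buffer = realloc(buffer, size);` overwrites the only pointer to the previous allocation, so the `return -1` on failure leaks it from the second iteration onward; assign to a temporary and free the old buffer when realloc() fails. The retry loop also relies on aa_getpeercon_raw() having increased `size` every time it reports ERANGE: if getsockopt() itself fails with ERANGE and leaves optlen unchanged, the loop reallocates the same size indefinitely, so break out when `size` did not grow. The function's comment should state that on success the caller owns `*con` and must free() it.
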
>
>> +        aa_getpeercon_raw;
>> +        aa_getpeercon;
>>           parse_record;
>>           free_record;
>>           aa_getprocattr_raw;
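
Review bot: adding `aa_getpeercon_raw;` to the export list makes its in/out `size` behaviour part of the library ABI, and that behaviour is undocumented: on the ERANGE path `*size` comes back as the required length rather than the number of bytes written, and rc is -1 even though the buffer was filled. If the symbol stays exported, spell out that contract in the function's documentation; otherwise keep it static and export only `aa_getpeercon`.
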
>
> Does it make sense to export the _raw functions? I'm sort of mentally on
> the fence about that.
>
heh me too, the raw actually started out as being static but when I
switched to a dynamic buffer that grows in size, switched it in
case there was a situation where you really didn't want to be doing
the reallocations.



