[apparmor] [PATCH 1/2] libapparmor: Fix overflowed return value

Seth Arnold seth.arnold at canonical.com
Fri Sep 30 20:00:05 UTC 2016 

On Thu, Sep 29, 2016 at 07:32:30PM -0500, Tyler Hicks wrote:
> The load_features_file() function returned an int but calculated the
> value by subtracting two pointers. On 64 bit systems, that results in a
> 64 bit value being represented as a 32 bit type.
> 
> Coverity CID #55992
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> ---
>  libraries/libapparmor/src/features.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/features.c b/libraries/libapparmor/src/features.c
> index 4cec6cb..088c4ea 100644
> --- a/libraries/libapparmor/src/features.c
> +++ b/libraries/libapparmor/src/features.c
> @@ -92,8 +92,8 @@ static int features_snprintf(struct features_struct *fst, const char *fmt, ...)
>   * ENOBUFS indicating that @buffer was not large enough to contain all of the
>   * file contents.
>   */
> -static int load_features_file(int dirfd, const char *path,
> -			      char *buffer, size_t size)
> +static ssize_t load_features_file(int dirfd, const char *path,
> +				  char *buffer, size_t size)
>  {
>  	autoclose int file = -1;
>  	char *pos = buffer;
> @@ -156,7 +156,7 @@ static int features_dir_cb(int dirfd, const char *name, struct stat *st,
>  		return -1;
>  
>  	if (S_ISREG(st->st_mode)) {
> -		int len;
> +		ssize_t len;
>  		int remaining = fst->size - (fst->pos - fst->buffer);
>  
>  		len = load_features_file(dirfd, name, fst->pos, remaining);
> @@ -175,8 +175,8 @@ static int features_dir_cb(int dirfd, const char *name, struct stat *st,
>  	return 0;
>  }
>  
> -static int load_features_dir(int dirfd, const char *path,
> -			     char *buffer, int size)
> +static ssize_t load_features_dir(int dirfd, const char *path,
> +				 char *buffer, int size)
>  {
>  	struct features_struct fst = { buffer, size, buffer };
>  
> @@ -369,7 +369,7 @@ int aa_features_new(aa_features **features, int dirfd, const char *path)
>  {
>  	struct stat stat_file;
>  	aa_features *f;
> -	int retval;
> +	ssize_t retval;
>  
>  	*features = NULL;
>  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160930/b21192aa/attachment.pgp>

More information about the AppArmor mailing list