AppArmor: Ensure the size of the copy is < the buffer allocated to hold it
Actually I think in this case the appropriate thing to do is to BUG as there is currently a case (remove) where the alloc_size needs to be larger than the copy_size, and if copy_size is ever greater than alloc_size there is a mistake in the caller code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
9f1c1d426b
commit
3ed02ada2a
1 changed files with 3 additions and 1 deletions
|
@ -29,7 +29,7 @@
|
||||||
* aa_simple_write_to_buffer - common routine for getting policy from user
|
* aa_simple_write_to_buffer - common routine for getting policy from user
|
||||||
* @op: operation doing the user buffer copy
|
* @op: operation doing the user buffer copy
|
||||||
* @userbuf: user buffer to copy data from (NOT NULL)
|
* @userbuf: user buffer to copy data from (NOT NULL)
|
||||||
* @alloc_size: size of user buffer
|
* @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
|
||||||
* @copy_size: size of data to copy from user buffer
|
* @copy_size: size of data to copy from user buffer
|
||||||
* @pos: position write is at in the file (NOT NULL)
|
* @pos: position write is at in the file (NOT NULL)
|
||||||
*
|
*
|
||||||
|
@ -42,6 +42,8 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
|
||||||
{
|
{
|
||||||
char *data;
|
char *data;
|
||||||
|
|
||||||
|
BUG_ON(copy_size > alloc_size);
|
||||||
|
|
||||||
if (*pos != 0)
|
if (*pos != 0)
|
||||||
/* only writes from pos 0, that is complete writes */
|
/* only writes from pos 0, that is complete writes */
|
||||||
return ERR_PTR(-ESPIPE);
|
return ERR_PTR(-ESPIPE);
|
||||||
|
|
Loading…
Reference in a new issue