On Mon, Jan 3, 2022 at 12:45 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > On Mon, Dec 20, 2021 at 3:16 PM Christian Göttsche > <cgzones@xxxxxxxxxxxxxx> wrote: > > > > Do not continue with a negative return value once a string append > > operation fails to avoid increasing the buffer length variable > > `str_len`, potentially leading to an out-of-bounds write. > > > > Found by GitHub CodeQL. > > > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > Acked-by: James Carter <jwcart2@xxxxxxxxx> > Merged. Thanks, Jim > > --- > > libsepol/cil/src/cil.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c > > index 9916cbee..38edcf8e 100644 > > --- a/libsepol/cil/src/cil.c > > +++ b/libsepol/cil/src/cil.c > > @@ -1456,6 +1456,12 @@ int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) > > > > buf_pos = snprintf(str_tmp, str_len, "user %s prefix %s;\n", user->datum.fqn, > > userprefix->prefix_str); > > + if (buf_pos < 0) { > > + free(str_tmp); > > + *size = 0; > > + *out = NULL; > > + goto exit; > > + } > > str_len -= buf_pos; > > str_tmp += buf_pos; > > } > > -- > > 2.34.1 > >
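Review bot: The new `if (buf_pos < 0)` check in the `cil_userprefixes_to_string` hunk only covers the encoding-error case of `snprintf`; a return value of `buf_pos >= str_len` (output truncated) is still passed through to `str_len -= buf_pos;` and `str_tmp += buf_pos;`, which moves `str_tmp` past the end of the buffer and, for an unsigned `str_len`, wraps it to a huge value, so the next iteration's `snprintf(str_tmp, str_len, ...)` can write out of bounds. Unless the caller has already sized the buffer so truncation cannot occur, consider extending the guard to `if (buf_pos < 0 || (size_t)buf_pos >= str_len)` with the same cleanup. Also worth confirming from the surrounding code: the error path frees `str_tmp` and clears `*size` and `*out` but does not visibly set a non-zero return code before `goto exit`, so please check that the function does not report success with `*out == NULL` to its caller.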