[apparmor] patch: override AF_MAX for kernels that don't support proper masking

Jamie Strandboge jamie at canonical.com
Thu Mar 3 23:51:06 UTC 2011


On Thu, 2011-03-03 at 13:42 -0800, John Johansen wrote:
> +#define PROC_VERSION "/proc/sys/kernel/osrelease"
...
> +	fd = open(PROC_VERSION, O_RDONLY);
> +	if (!fd)
> +		/* fall back to default provided during build */
> +		return 0;
> +	res = read(fd, &buffer, sizeof(buffer));
> +	close(fd);
> +	if (!res)
> +		return 0;

I'm not sure if /proc/sys/kernel/osrelease can ever be longer than 32
characters (with the trailing '\0'), but if it is, we have an
unterminated string. For future-proofing, I'd prefer if this was changed
to:
	...
	res = read(fd, &buffer, sizeof(buffer));
	close(fd);
	if (!res)
		return 0;
	buffer[sizeof(buffer)-1] = '\0';

ACK with this change.

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110303/4c3b8d1a/attachment.pgp>


More information about the AppArmor mailing list