[apparmor] [PATCH 5/6] Fix error case of aa_getprocattr to set buffers to NULL
John Johansen
john.johansen at canonical.com
Wed Mar 21 13:02:24 UTC 2012
While aa_getprocattr does return the documented error code on failure
the **buf and **mode parameters can point into the buffer that was
allocated and then discarded on failure.
Set them to null on failure so that even if the error code is ignored
they do not point to heap data.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
libraries/libapparmor/src/kernel_interface.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 33fdda9..7d6edc4 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -278,6 +278,8 @@ int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode)
if (rc == -1) {
free(buffer);
+ *buf = NULL;
+ *mode = NULL;
size = -1;
} else
*buf = buffer;
@@ -617,6 +619,7 @@ int aa_getpeercon(int fd, char **con)
if (rc == -1) {
free(buffer);
+ *con = NULL;
size = -1;
} else
*con = buffer;
--
1.7.9.1
More information about the AppArmor
mailing list