[apparmor] [PATCH 6/6] Fix the return size of aa_getprocattr

[John Johansen]

aa_getprocattr is returning the size of the buffer not the size of the
data read that it is supposed to return.  Also update the man page to
reflect the return value as documented in the functions, and update
the test cases to check the return value.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 libraries/libapparmor/doc/aa_getcon.pod      |    3 +-
 libraries/libapparmor/src/kernel_interface.c |    3 +-
 tests/regression/apparmor/introspect.c       |   33 ++++++++++++++++++++-----
 3 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/libraries/libapparmor/doc/aa_getcon.pod b/libraries/libapparmor/doc/aa_getcon.pod
index 2c72264..f279128 100644
--- a/libraries/libapparmor/doc/aa_getcon.pod
+++ b/libraries/libapparmor/doc/aa_getcon.pod
@@ -69,7 +69,8 @@ does not handle buffer allocation.
 
 =head1 RETURN VALUE
 
-On success zero is returned. On error, -1 is returned, and
+On success size of data placed in the buffer is returned, this includes the
+mode if present and any terminating characters. On error, -1 is returned, and
 errno(3) is set appropriately.
 
 =head1 ERRORS
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 7d6edc4..8252b88 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -280,11 +280,10 @@ int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode)
 		free(buffer);
 		*buf = NULL;
 		*mode = NULL;
-		size = -1;
 	} else
 		*buf = buffer;
 
-	return size;
+	return rc;
 }
 
 static int setprocattr(pid_t tid, const char *attr, const char *buf, int len)
diff --git a/tests/regression/apparmor/introspect.c b/tests/regression/apparmor/introspect.c
index bbdf908..367ea37 100644
--- a/tests/regression/apparmor/introspect.c
+++ b/tests/regression/apparmor/introspect.c
@@ -31,7 +31,8 @@ int main(int argc, char *argv[])
         }
 
         if (strcmp(argv[1], "self") == 0){
-		if (aa_getcon(&profile, &mode) == -1) {
+		rc = aa_getcon(&profile, &mode);
+		if (rc == -1) {
 			int serrno = errno;
                         fprintf(stderr,
 				"FAIL: introspect_confinement %s failed - %s\n",
@@ -47,12 +48,15 @@ int main(int argc, char *argv[])
 				"FAIL: query_confinement - invalid pid: %s\n",
 				argv[1]);
 			exit(serrno);
-		} else if (aa_gettaskcon(pid, &profile, &mode) == -1) {
-			int serrno = errno;
-                        fprintf(stderr,
-				"FAIL: query_confinement %s failed - %s\n",
-                                argv[1], strerror(errno));
-                        exit(serrno);
+		} else {
+			rc = aa_gettaskcon(pid, &profile, &mode);
+			if (rc == -1) {
+				int serrno = errno;
+				fprintf(stderr,
+					"FAIL: query_confinement %s failed - %s\n",
+					argv[1], strerror(errno));
+				exit(serrno);
+			}
 		}
 	}
 	if (strcmp(profile, argv[2]) != 0) {
@@ -61,6 +65,21 @@ int main(int argc, char *argv[])
 			profile);
 		exit(1);
 	}
+	if (mode) {
+		if (rc != strlen(profile) + strlen(mode) + 4) {
+			/* rc includes mode. + 2 null term + 1 ( + 1 space */
+			fprintf(stderr,
+				"FAIL: expected return len %d != actual %d\n",
+				strlen(profile) + strlen(mode) + 4, rc);
+			exit(1);
+		}
+	} else if (rc != strlen(profile) + 1) {
+		/* rc includes null termination */
+		fprintf(stderr,
+			"FAIL: expected return len %d != actual %d\n",
+			strlen(profile) + 1, rc);
+		exit(1);
+	}
 	if (argv[3] && (!mode || strcmp(mode, argv[3]) != 0)) {
 		fprintf(stderr,
 			"FAIL: expected mode \"%s\" != \"%s\"\n", argv[3],
-- 
1.7.9.1