[apparmor] [PATCH v2 43/42] libapparmor: Protect _aa_autofree users from freeing bad pointers

Tyler Hicks tyhicks at canonical.com
Tue Mar 24 18:05:49 UTC 2015 

Creates a libapparmor function, _aa_asprintf(), which sets the *strp to
NULL on error. This is needed for all of the users of the _aa_autofree
cleanup attribute because the value of *strp is undefined when
asprintf() fails and that could result in _aa_autofree() being passed a
pointer value that it should not free.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/include/sys/apparmor_private.h |  2 ++
 libraries/libapparmor/src/private.c                  | 15 +++++++++++++++
 libraries/libapparmor/src/private.h                  |  2 ++
 parser/lib.h                                         |  2 ++
 4 files changed, 21 insertions(+)

diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
index 5cf4c25..14055df 100644
--- a/libraries/libapparmor/include/sys/apparmor_private.h
+++ b/libraries/libapparmor/include/sys/apparmor_private.h
@@ -29,6 +29,8 @@ void _aa_autofree(void *p);
 void _aa_autoclose(int *fd);
 void _aa_autofclose(FILE **f);
 
+int _aa_asprintf(char **strp, const char *fmt, ...);
+
 int _aa_dirat_for_each(DIR *dir, const char *name, void *data,
 		       int (* cb)(DIR *, const char *, struct stat *, void *));
 
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index f0ff941..c99a57d 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -142,6 +142,21 @@ void _aa_autofclose(FILE **f)
 	}
 }
 
+int _aa_asprintf(char **strp, const char *fmt, ...)
+{
+	va_list args;
+	int rc;
+
+	va_start(args, fmt);
+	rc = vasprintf(strp, fmt, args);
+	va_end(args);
+
+	if (rc == -1)
+		*strp = NULL;
+
+	return rc;
+}
+
 /**
  * _aa_dirat_for_each: iterate over a directory calling cb for each entry
  * @dir: already opened directory (MAY BE NULL)
diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
index 7921e2b..09a5620 100644
--- a/libraries/libapparmor/src/private.h
+++ b/libraries/libapparmor/src/private.h
@@ -25,6 +25,8 @@
 #define autofclose __attribute((cleanup(_aa_autofclose)))
 #define unused __attribute__ ((unused))
 
+#define asprintf _aa_asprintf
+
 #if ENABLE_DEBUG_OUTPUT
 
 #define PERROR(fmt, args...)	print_error(true, "libapparmor", fmt, ## args)
diff --git a/parser/lib.h b/parser/lib.h
index a182439..a980a5a 100644
--- a/parser/lib.h
+++ b/parser/lib.h
@@ -7,6 +7,8 @@
 #define autoclose __attribute((cleanup(_aa_autoclose)))
 #define autofclose __attribute((cleanup(_aa_autofclose)))
 
+#define asprintf _aa_asprintf
+
 int dirat_for_each(DIR *dir, const char *name, void *data,
 		   int (* cb)(DIR *, const char *, struct stat *, void *));
 
-- 
2.1.4

More information about the AppArmor mailing list