[apparmor] [PATCH v2 43/42] libapparmor: Protect _aa_autofree users from freeing bad pointers

John Johansen john.johansen at canonical.com
Tue Mar 24 21:27:05 UTC 2015


On 03/24/2015 11:05 AM, Tyler Hicks wrote:
> Creates a libapparmor function, _aa_asprintf(), which sets the *strp to
> NULL on error. This is needed for all of the users of the _aa_autofree
> cleanup attribute because the value of *strp is undefined when
> asprintf() fails and that could result in _aa_autofree() being passed a
> pointer value that it should not free.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  libraries/libapparmor/include/sys/apparmor_private.h |  2 ++
>  libraries/libapparmor/src/private.c                  | 15 +++++++++++++++
>  libraries/libapparmor/src/private.h                  |  2 ++
>  parser/lib.h                                         |  2 ++
>  4 files changed, 21 insertions(+)
> 
> diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
> index 5cf4c25..14055df 100644
> --- a/libraries/libapparmor/include/sys/apparmor_private.h
> +++ b/libraries/libapparmor/include/sys/apparmor_private.h
> @@ -29,6 +29,8 @@ void _aa_autofree(void *p);
>  void _aa_autoclose(int *fd);
>  void _aa_autofclose(FILE **f);
>  
> +int _aa_asprintf(char **strp, const char *fmt, ...);
> +
>  int _aa_dirat_for_each(DIR *dir, const char *name, void *data,
>  		       int (* cb)(DIR *, const char *, struct stat *, void *));
>  
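Review bot: the new prototype `int _aa_asprintf(char **strp, const char *fmt, ...);` carries no printf format attribute, so once callers are redirected to it through the `asprintf` macro the compiler may no longer check format strings against their arguments. Consider declaring it with `__attribute__((format(printf, 2, 3)))` so those call sites keep format checking.
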
> diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> index f0ff941..c99a57d 100644
> --- a/libraries/libapparmor/src/private.c
> +++ b/libraries/libapparmor/src/private.c
> @@ -142,6 +142,21 @@ void _aa_autofclose(FILE **f)
>  	}
>  }
>  
> +int _aa_asprintf(char **strp, const char *fmt, ...)
> +{
> +	va_list args;
> +	int rc;
> +
> +	va_start(args, fmt);
> +	rc = vasprintf(strp, fmt, args);
> +	va_end(args);
> +
> +	if (rc == -1)
> +		*strp = NULL;
> +
> +	return rc;
> +}
> +
>  /**
>   * _aa_dirat_for_each: iterate over a directory calling cb for each entry
>   * @dir: already opened directory (MAY BE NULL)
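Review bot: `_aa_asprintf()` has no comment stating its contract, unlike the documentation block on `_aa_dirat_for_each` directly below it; a short comment saying that `*strp` is set to NULL when the call fails would tell `_aa_autofree` users why they need this wrapper. The check `if (rc == -1)` could also be written `if (rc < 0)` so that any negative return clears the pointer, and since this hunk adds no #include, please confirm that private.c already pulls in `<stdarg.h>` for `va_list`.
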
> diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
> index 7921e2b..09a5620 100644
> --- a/libraries/libapparmor/src/private.h
> +++ b/libraries/libapparmor/src/private.h
> @@ -25,6 +25,8 @@
>  #define autofclose __attribute((cleanup(_aa_autofclose)))
>  #define unused __attribute__ ((unused))
>  
> +#define asprintf _aa_asprintf
> +
>  #if ENABLE_DEBUG_OUTPUT
>  
>  #define PERROR(fmt, args...)	print_error(true, "libapparmor", fmt, ## args)
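Review bot: `#define asprintf _aa_asprintf` replaces a libc name for every file that includes this header, and the result depends on include order: if `<stdio.h>` is processed after the define, the libc declaration of asprintf is rewritten as well. Add a comment above the define explaining that the wrapper exists to NULL `*strp` on failure, and make sure the header declaring `_aa_asprintf` is included before the first use. Direct `vasprintf()` callers are not covered by this macro and would still need the same handling.
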
> diff --git a/parser/lib.h b/parser/lib.h
> index a182439..a980a5a 100644
> --- a/parser/lib.h
> +++ b/parser/lib.h
> @@ -7,6 +7,8 @@
>  #define autoclose __attribute((cleanup(_aa_autoclose)))
>  #define autofclose __attribute((cleanup(_aa_autofclose)))
>  
> +#define asprintf _aa_asprintf
> +
>  int dirat_for_each(DIR *dir, const char *name, void *data,
>  		   int (* cb)(DIR *, const char *, struct stat *, void *));
>  
> 
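Review bot: this is a second copy of `#define asprintf _aa_asprintf`, identical to the one added to libraries/libapparmor/src/private.h, and nothing in this hunk shows lib.h including the header that declares `_aa_asprintf`. Consider keeping the define next to the prototype in sys/apparmor_private.h so the declaration and the redirect stay together, or add the include and a one-line comment here so the two copies do not drift apart.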