Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp179636rwb; Tue, 4 Oct 2022 02:25:36 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7IHIA35rXiEcFgu087jVbvpyK9VR+kS1dgN4MGXIafzC2QMjuvFNpLIyv2IfzatOLMZ3kW X-Received: by 2002:a05:6402:26c4:b0:459:2be1:aa8b with SMTP id x4-20020a05640226c400b004592be1aa8bmr5419810edd.287.1664875536518; Tue, 04 Oct 2022 02:25:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664875536; cv=none; d=google.com; s=arc-20160816; b=Iz/cRrGM5i3N5t4DKrahxocyew+Gl9bBk9WPE2gxE8dlxQwNS40WYtM5VnCAJjZ0Ae DgOKfiFa+1Yxz06C3aIiOYrK+Gbf9ix2x4FNuwxpLaGX7iq08dkzp0d5T4Nst1YwBnyl OyxzevqRvWeHRDyDSq/ANWtlVHtbOor3oxh06H2Pa0C/58HdgMWu29lmaOX/L+jaNUau xXmZ7L9JqGTf4Njh6pAwXqpURtq/PRre7Jks2ORSNFgVhBCNUML6By+l2f5L1BVZkO1E AwRvQs6Q5QCuhmSBDqanIV7NAMjVFFYAx3LlgoXQrJfS6OKzW8Vhn+sggRB3K9MZ4Lxk hCyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=/EBwcTOTgj+vadJfiO3RxscW2G8Imo347cqiwePd00w=; b=HBvYsdFladbUlTiEWlNtcS2tKT4H53DSrrhPLa8CYlCIJSHMWBFXDLAZrHff+h7R6E 6UAk7vCEyldeOD0gAw0eSfUxx0rGf5WOcYa7+Ys244xDWUc9v+aLWs+JENzV7rx2aL42 IWJ81DpBw9JUvCp2AYROUbNcfKYH28K78k2RJl3Fs8smgTs1I5s4Fap3Jy3NNUCnTF20 Pjn3Us7u/gQKXW5YavPSFtIwOfyo5nEEa4psILqqds2ngmvinNJr659LJoTlRKMfAKAE r63SJIukp2AqEcG8XtfnNUQFAZdXobmiyj4dAsT49qSwQLYCgCybgPisbU/1zqA4RJ7J l2tQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=iqud63xj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=collabora.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f7-20020a056402354700b0045829a1c0b3si12022931edd.251.2022.10.04.02.25.11; Tue, 04 Oct 2022 02:25:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=iqud63xj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=collabora.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229557AbiJDIp5 (ORCPT + 99 others); Tue, 4 Oct 2022 04:45:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230331AbiJDIph (ORCPT ); Tue, 4 Oct 2022 04:45:37 -0400 Received: from madras.collabora.co.uk (madras.collabora.co.uk [46.235.227.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD36F4DF04; Tue, 4 Oct 2022 01:45:27 -0700 (PDT) Received: from lenovo.Home (unknown [39.45.148.204]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: usama.anjum) by madras.collabora.co.uk (Postfix) with ESMTPSA id AAF186602294; Tue, 4 Oct 2022 09:45:23 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1664873125; bh=DDe39PfAYSVpLkDZAiTg9JOc4VmntwqihIfPrL/dtsE=; h=From:To:Cc:Subject:Date:From; b=iqud63xj3L9NEwYkQSdqmyuuhYoiWK7t9kIVINO06950UrVH/UdZSvc5c/6aeTDHI npwvlS4ueiA2+FBzGnCfV0LWnZYzWwkwFp6bwSAM4UQLCoi6jeD8kQmVf4sRWEzQ/k y0+zbEoyBi31N3RxX19Y2d96qGOhkMjOebWE5WpMuLr42l+ctQyIi1r6AhWOZtLdTN gH8B7MkYZw8lS1ruSB8UDRAxRnsfuJDcl6yoqqZmTESMzGUyb2neEYovX3av4u7Tey HtjHuwLGOIExwjZHGA1MG172ZnFIbpMPcavlKH9z6aafh6QHvA0tYBpP+hST07A+pT bqlgNGiTgK/Lg== From: Muhammad Usama Anjum To: John Johansen , Paul Moore , James Morris , "Serge E. Hallyn" Cc: Muhammad Usama Anjum , kernel@collabora.com, kernel-janitors@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] apparmor: store return value of unpack_perms_table() to signed variable Date: Tue, 4 Oct 2022 13:45:15 +0500 Message-Id: <20221004084515.659441-1-usama.anjum@collabora.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The unpack_perms_table() can return error which is negative value. Store the return value to a signed variable. policy->size is unsigned variable. It shouldn't be used to store the return status. Fixes: 2d6b2dea7f3c ("apparmor: add the ability for policy to specify a permission table") Signed-off-by: Muhammad Usama Anjum --- security/apparmor/policy_unpack.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 45c9dfdc8e0d..09f316943951 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -734,14 +734,18 @@ static int unpack_pdb(struct aa_ext *e, struct aa_policydb *policy, { void *pos = e->pos; int i, flags, error = -EPROTO; + ssize_t size; - policy->size = unpack_perms_table(e, &policy->perms); - if (policy->size < 0) { - error = policy->size; + size = unpack_perms_table(e, &policy->perms); + if (size < 0) { + error = size; policy->perms = NULL; *info = "failed to unpack - perms"; goto fail; - } else if (policy->perms) { + } + policy->size = size; + + if (policy->perms) { /* perms table present accept is index */ flags = TO_ACCEPT1_FLAG(YYTD_DATA32); } else { -- 2.30.2