Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp226981rwb; Tue, 4 Oct 2022 03:13:17 -0700 (PDT) X-Google-Smtp-Source: AMsMyM62VnyXIxGqqUeKGK8dgAIkBsq8TIGyeWflGqZo/vPPUhmuGze9FOhZK26B2I8NXUV+gToj X-Received: by 2002:a17:902:d70a:b0:178:5d52:9e41 with SMTP id w10-20020a170902d70a00b001785d529e41mr26039597ply.0.1664878397376; Tue, 04 Oct 2022 03:13:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664878397; cv=none; d=google.com; s=arc-20160816; b=j3e3+A1PyfCA5CrDaq+0FUUh+J0N4ASyBLIwkRcvK5EMvbDvomgp2vpd1H2E6r84yg uZKiMNJuwzfD9bUK5Nx7uU20DNL+G2Zp4oHiKOxsUcpfNL0Q1+dNBxel6wmccHC4HxFs KburEDZWznS5HBCUZmUbed1xY8Cupz2FYAQoYikQmDTVECF/7hZdMnG4OE7Yuy+vvO7I PZe8V+ac6mlieKSLMtUiaFjlNHSkVTkVr7tc/lqPNd+ArNfgiJ/gsYBH3oR+0TF7fVnC mMMDGLMI9dyRF0Meoa8Gk5IQE87HfObInQbejn6E1hDZBcli6ajngnT9boCqn37wNYCE Lf9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:dkim-signature; bh=auXXm/gRfpR6ooMtURJxM7kzyBAv5R3HRiNjDlYasY8=; b=iAvdTGzp+s2BbV9Y6oQqCCTXJQ0hgjToxlEugZEJ18lrRb3y1dtaoT43LbG0tmfCNu MQamyEIWiREbvJa0RzxFwb/W7+/IjkZPeZFdl+25dRXelRM/5icYM/0Qo3xIM/3Hf3ag jQfoKi76SrvdGQRMCaxHa2kY7GjeuDF414OVTX7Ba5z1vBz14GQDPPdhCSlh6zLLNsH4 hBG41LPLL2dn8M5U8Y7mzsSMy6G2S0/mzmLgPR9yMW1Gi4eHumet2j8QoJUFCVNUj4Ma 1EE554E5GdkXLfMBSQhdmAseRYT2FdWL99vN/RWlfhz0c3tIdV7+drAhSiIqe/U6nu3r G0wQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=NdygnKiE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s23-20020a17090a5d1700b002057a08d66asi2248383pji.23.2022.10.04.03.13.05; Tue, 04 Oct 2022 03:13:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=NdygnKiE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230005AbiJDJxa (ORCPT + 99 others); Tue, 4 Oct 2022 05:53:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229912AbiJDJxI (ORCPT ); Tue, 4 Oct 2022 05:53:08 -0400 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15DC731237; Tue, 4 Oct 2022 02:52:11 -0700 (PDT) Received: from [192.168.192.83] (unknown [50.126.114.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id C6FE542F7E; Tue, 4 Oct 2022 09:52:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1664877127; bh=auXXm/gRfpR6ooMtURJxM7kzyBAv5R3HRiNjDlYasY8=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=NdygnKiEBbLYsBVhagqcZFPeH6gw7AwSBU3gERc2PG9245RQsoyUQlxWzyNKDufOI Y71IFTwmcuT36fA7fIpyDOhNXRUjjD78JAtAe6W9CFoNiPLKUkU0CfkeXL/e3Ce0Pa uY+VOyJgLg2wQQzLsIs2FDh198vuS3rz3bVk5a+m0ktdFjltKF+7pt0FXTqpz7OfmK 1x8ZP3Xpz9eQvKl+nW+fQDqIfJw4OizdA3BArDc9xdS6DJFkT59dfe4Xq1vk1Lqexc jeulOMyrYR6Zln+0TCGlD49bZNPmpmIDhH5Ju5ZrxfCtuigz5sN8bgDmXmvoUawWie PqVUtf0y3WtxA== Message-ID: <3c47940d-06e2-6c08-280c-76f7a365cf0b@canonical.com> Date: Tue, 4 Oct 2022 02:52:03 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH] apparmor: store return value of unpack_perms_table() to signed variable Content-Language: en-US To: Muhammad Usama Anjum , Paul Moore , James Morris , "Serge E. Hallyn" Cc: kernel@collabora.com, kernel-janitors@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org References: <20221004084515.659441-1-usama.anjum@collabora.com> From: John Johansen Organization: Canonical In-Reply-To: <20221004084515.659441-1-usama.anjum@collabora.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/4/22 01:45, Muhammad Usama Anjum wrote: > The unpack_perms_table() can return error which is negative value. Store > the return value to a signed variable. policy->size is unsigned > variable. It shouldn't be used to store the return status. > > Fixes: 2d6b2dea7f3c ("apparmor: add the ability for policy to specify a permission table") > Signed-off-by: Muhammad Usama Anjum yep, thanks I have pulled this in Acked-by: john.johansen@canonical.com > --- > security/apparmor/policy_unpack.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c > index 45c9dfdc8e0d..09f316943951 100644 > --- a/security/apparmor/policy_unpack.c > +++ b/security/apparmor/policy_unpack.c > @@ -734,14 +734,18 @@ static int unpack_pdb(struct aa_ext *e, struct aa_policydb *policy, > { > void *pos = e->pos; > int i, flags, error = -EPROTO; > + ssize_t size; > > - policy->size = unpack_perms_table(e, &policy->perms); > - if (policy->size < 0) { > - error = policy->size; > + size = unpack_perms_table(e, &policy->perms); > + if (size < 0) { > + error = size; > policy->perms = NULL; > *info = "failed to unpack - perms"; > goto fail; > - } else if (policy->perms) { > + } > + policy->size = size; > + > + if (policy->perms) { > /* perms table present accept is index */ > flags = TO_ACCEPT1_FLAG(YYTD_DATA32); > } else {