apparmor: Check buffer bounds when mapping permissions mask

Don't read past the end of the buffer containing permissions characters or write past the end of the destination string. Detected by CoverityScan CID#1415361, 1415376 ("Out-of-bounds access") Fixes: e53cfe6c7caa ("apparmor: rework perm mapping to a slightly broader set") Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: Tyler Hicks <tyhicks@canonical.com> 2018-07-06 05:25:00 +0000
committer: John Johansen <john.johansen@canonical.com> 2018-07-19 16:24:43 -0700
commit: 7f3ebcf2b1395e0248e56146041e1e5625fd2f23 (patch)
tree: 51d693e57cc5734aee692b1cebab08acd1aab511 /security/apparmor/file.c
parent: fb7d1bcf1602b46f37ada72178516c01a250e434 (diff)
download: linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.tar.gz
linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.tar.bz2
linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 224b2fef93ca..4285943f7260 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -47,7 +47,8 @@ static void audit_file_mask(struct audit_buffer *ab, u32 mask)
 {
 	char str[10];
 
-	aa_perm_mask_to_str(str, aa_file_perm_chrs, map_mask_to_chr_mask(mask));
+	aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
+			    map_mask_to_chr_mask(mask));
 	audit_log_string(ab, str);
 }
author	Tyler Hicks <tyhicks@canonical.com>	2018-07-06 05:25:00 +0000
committer	John Johansen <john.johansen@canonical.com>	2018-07-19 16:24:43 -0700
commit	7f3ebcf2b1395e0248e56146041e1e5625fd2f23 (patch)
tree	51d693e57cc5734aee692b1cebab08acd1aab511 /security/apparmor/file.c
parent	fb7d1bcf1602b46f37ada72178516c01a250e434 (diff)
download	linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.tar.gz linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.tar.bz2 linux-7f3ebcf2b1395e0248e56146041e1e5625fd2f23.zip