On 2015-05-30 00:00:25, Christian Boltz wrote:
> Hello,
>
> On Friday, 29 May 2015, Tyler Hicks wrote:
> > On 2015-05-29 01:39:15, John Johansen wrote:
> > > > +int aa_query_file(uint32_t mask, const char *label, const char
> > > *path, + int *allowed, int *audited)
> >
> > I prefer that we require 'size_t label_len' and 'size_t path_len'
> > parameters. The caller may already have the string lengths stored in
> > variables, eliminating unnecessary calls to strlen(). Also, it allows
> > for non-nul-terminated strings to be used.
>
> You mean you want to call the function with path "foo\0" and path_len
> 12345?
>
> Personally, I prefer an unnecessary strlen() call over an option to
> allow someone to hand in invalid data (and, caused by that, possibly
> doing funny[tm] things) ;-)

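Review bot: the aa_query_file() prototype takes label and path as bare const char * and hands its results back through int *allowed and int *audited, but nothing in the quoted hunk documents that contract. Add a comment above the prototype stating that both strings must be NUL-terminated (no lengths are passed), which bits of mask are accepted, and whether *allowed and *audited are written when the call fails.
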
You may not be aware that strlen() requires the string to be
nul-terminated. If they wanted to shoot themselves in the foot or "do
funny things" they could just pass in a non nul-terminated string to
aa_query_file().

Also, libapparmor is in the process' address space. It makes no
difference if we allow the caller to specify the string length or not...

Tyler

>
>
> Regards,
>
> Christian Boltz
> --
> A cat has one more tail than no cat. No cat has
> two tails, so a cat has three tails.
> [Bernd Brodesser in suse-linux]
>
>
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
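
The API shape discussed in this thread, a length-taking core with a strlen() wrapper on top, sketched as an added example. It is not code from the thread or from libapparmor: pack_query_len(), pack_query() and the "label\0path" layout are hypothetical names and an assumed format chosen only for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libapparmor code): packs "label\0path" into out.
 * The layout is an assumption made for this example only.
 * Returns the number of bytes written, or 0 on bad input or lack of space. */
size_t pack_query_len(const char *label, size_t label_len,
                      const char *path, size_t path_len,
                      char *out, size_t out_size)
{
    if (!label || !path || !out || label_len == 0 || path_len == 0)
        return 0;
    /* A NUL inside the stated length would silently truncate the field
     * for any later consumer that treats it as a C string. */
    if (memchr(label, '\0', label_len) || memchr(path, '\0', path_len))
        return 0;
    /* Size check written so that the subtraction cannot wrap. */
    if (label_len >= out_size || path_len > out_size - label_len - 1)
        return 0;
    memcpy(out, label, label_len);
    out[label_len] = '\0';
    memcpy(out + label_len + 1, path, path_len);
    return label_len + 1 + path_len;
}

/* Wrapper for callers that hold NUL-terminated strings: the only place
 * strlen() runs, and the only place that depends on the terminator. */
size_t pack_query(const char *label, const char *path,
                  char *out, size_t out_size)
{
    if (!label || !path)
        return 0;
    return pack_query_len(label, strlen(label), path, strlen(path),
                          out, out_size);
}

int main(void)
{
    /* Constructed record: both fields are slices of one buffer, so
     * the label is not NUL-terminated where it ends. */
    const char rec[] = "firefox:/etc/hosts";
    char out[64];
    size_t n = pack_query_len(rec, 7, rec + 8, 10, out, sizeof out);
    printf("packed %zu bytes\n", n);
    return n == 18 ? 0 : 1;
}
```
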
