On Sat, Oct 11, 2025 at 06:46:46PM +0200, Thorsten Blum wrote: > strcpy() is deprecated and sprintf() does not perform bounds checking > either. Although an overflow is unlikely, it's better to proactively > avoid it by using the safer strscpy() and scnprintf(), respectively. > > Additionally, unify memory allocation for 'hname' to simplify and > improve aa_policy_init(). > > Link: https://github.com/KSPP/linux/issues/88 > Signed-off-by: Thorsten Blum <[email protected]>
Reviewed-by: Serge Hallyn <[email protected]>
> ---
> security/apparmor/lib.c | 16 +++++++---------
> 1 file changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index 82dbb97ad406..acf7f5189bec 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -478,19 +478,17 @@ bool aa_policy_init(struct aa_policy *policy, const
> char *prefix,
> const char *name, gfp_t gfp)
> {
> char *hname;
> + size_t hname_sz;
>
> + hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1;
> /* freed by policy_free */
> - if (prefix) {
> - hname = aa_str_alloc(strlen(prefix) + strlen(name) + 3, gfp);
> - if (hname)
> - sprintf(hname, "%s//%s", prefix, name);
> - } else {
> - hname = aa_str_alloc(strlen(name) + 1, gfp);
> - if (hname)
> - strcpy(hname, name);
> - }
> + hname = aa_str_alloc(hname_sz, gfp);
> if (!hname)
> return false;
> + if (prefix)
> + scnprintf(hname, hname_sz, "%s//%s", prefix, name);
> + else
> + strscpy(hname, name, hname_sz);
> policy->hname = hname;
> /* base.name is a substring of fqname */
> policy->name = basename(policy->hname);
> --
> 2.51.0
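Review bot: The `+ 2` and `+ 1` in `hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1;` are tied to the `"%s//%s"` format only by convention, and the return values of both `scnprintf()` and `strscpy()` are discarded. If the size computation and the format ever drift apart, the failure is no longer an overflow but a silently truncated `hname`. Because `policy->name` is derived from `hname` on the following lines, a truncated string would presumably be used as the policy's name, so the invariant deserves to be written down. I would add a comment above the computation, `/* prefix + "//" + name + NUL; must stay in sync with the format below */`, and consider warning when `strscpy()` returns a negative value. The body of aa_policy_init continues past the end of the hunk.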
