From: Thorsten Blum
To: John Johansen, Paul Moore, James Morris, "Serge E. Hallyn"
Cc: Thorsten Blum, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH RESEND] apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_init
Date: Sat, 22 Nov 2025 12:55:51 +0100
Message-ID: <20251122115549.448042-3-thorsten.blum@linux.dev>

strcpy() is deprecated and sprintf() does not perform bounds checking either. Although an overflow is unlikely, it's better to proactively avoid it by using the safer strscpy() and scnprintf(), respectively.

Additionally, unify memory allocation for 'hname' to simplify and improve aa_policy_init().

Link: https://github.com/KSPP/linux/issues/88
Reviewed-by: Serge Hallyn
Signed-off-by: Thorsten Blum
Acked-by: John Johansen
--- security/apparmor/lib.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 82dbb97ad406..acf7f5189bec 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c
@@ -478,19 +478,17 @@ bool aa_policy_init(struct aa_policy *policy, const c= har *prefix, const char *name, gfp_t gfp) { char *hname; + size_t hname_sz; =20 + hname_sz =3D (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1; /* freed by policy_free */ - if (prefix) { - hname =3D aa_str_alloc(strlen(prefix) + strlen(name) + 3, gfp); - if (hname) - sprintf(hname, "%s//%s", prefix, name); - } else { - hname =3D aa_str_alloc(strlen(name) + 1, gfp); - if (hname) - strcpy(hname, name); - } + hname =3D aa_str_alloc(hname_sz, gfp); if (!hname) return false; + if (prefix) + scnprintf(hname, hname_sz, "%s//%s", prefix, name); + else + strscpy(hname, name, hname_sz); policy->hname =3D hname; /* base.name is a substring of fqname */ policy->name =3D basename(policy->hname); --=20 2.51.1
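Review bot: The return values of scnprintf() and strscpy() in the new if (prefix)/else block are discarded, so a size mismatch would leave a silently truncated hname, and policy->name = basename(policy->hname) is then derived from that string. As written, hname_sz is computed from the same prefix and name immediately before the allocation, so truncation cannot happen; it would help to say so in a short comment on the hname_sz line, noting that the + 2 covers the "//" separator and the + 1 the terminating NUL. If a later change makes the size and the format string drift apart, the bounded calls will hide it, so consider checking the result (strscpy() returns a negative value on truncation) and warning or failing instead of continuing with a shortened name.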