Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt
提交 97176c63 编写于 作者: M Matthias Bolte
浏览文件
操作

virt-aa-helper: Remove PATH_MAX sized stack allocations

上级 859efe7f
显示空白变更内容
内联 并排
Showing with 28 addition and 18 deletion
src/security/virt-aa-helper.c
浏览文件 @ 97176c63
...@@ -188,8 +188,9 @@ replace_string(char *orig, const size_t len, const char *oldstr, ...@@ -188,8 +188,9 @@ replace_string(char *orig, const size_t len, const char *oldstr,
static int static int
parserCommand(const char *profile_name, const char cmd) parserCommand(const char *profile_name, const char cmd)
{ {
int result = -1;
char flag[3]; char flag[3];
char profile[PATH_MAX]; char *profile;
int status; int status;
int ret; int ret;
...@@ -200,15 +201,15 @@ parserCommand(const char *profile_name, const char cmd) ...@@ -200,15 +201,15 @@ parserCommand(const char *profile_name, const char cmd)
snprintf(flag, 3, "-%c", cmd); snprintf(flag, 3, "-%c", cmd);
if (snprintf(profile, PATH_MAX, "%s/%s", if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", profile_name) > PATH_MAX - 1) { APPARMOR_DIR "/libvirt", profile_name) < 0) {
vah_error(NULL, 0, _("profile name exceeds maximum length")); vah_error(NULL, 0, _("profile name exceeds maximum length"));
return -1; return -1;
} }
if (!virFileExists(profile)) { if (!virFileExists(profile)) {
vah_error(NULL, 0, _("profile does not exist")); vah_error(NULL, 0, _("profile does not exist"));
return -1; goto cleanup;
} else { } else {
const char * const argv[] = { const char * const argv[] = {
"/sbin/apparmor_parser", flag, profile, NULL "/sbin/apparmor_parser", flag, profile, NULL
...@@ -217,18 +218,23 @@ parserCommand(const char *profile_name, const char cmd) ...@@ -217,18 +218,23 @@ parserCommand(const char *profile_name, const char cmd)
(WIFEXITED(status) && WEXITSTATUS(status) != 0)) { (WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
if (ret != 0) { if (ret != 0) {
vah_error(NULL, 0, _("failed to run apparmor_parser")); vah_error(NULL, 0, _("failed to run apparmor_parser"));
return -1; goto cleanup;
} else if (cmd == 'R' && WIFEXITED(status) && } else if (cmd == 'R' && WIFEXITED(status) &&
WEXITSTATUS(status) == 234) { WEXITSTATUS(status) == 234) {
vah_warning(_("unable to unload already unloaded profile")); vah_warning(_("unable to unload already unloaded profile"));
} else { } else {
vah_error(NULL, 0, _("apparmor_parser exited with error")); vah_error(NULL, 0, _("apparmor_parser exited with error"));
return -1; goto cleanup;
} }
} }
} }
return 0; result = 0;
cleanup:
VIR_FREE(profile);
return result;
} }
/* /*
...@@ -308,7 +314,7 @@ static int ...@@ -308,7 +314,7 @@ static int
create_profile(const char *profile, const char *profile_name, create_profile(const char *profile, const char *profile_name,
const char *profile_files) const char *profile_files)
{ {
char template[PATH_MAX]; char *template;
char *tcontent = NULL; char *tcontent = NULL;
char *pcontent = NULL; char *pcontent = NULL;
char *replace_name = NULL; char *replace_name = NULL;
...@@ -324,8 +330,7 @@ create_profile(const char *profile, const char *profile_name, ...@@ -324,8 +330,7 @@ create_profile(const char *profile, const char *profile_name,
goto end; goto end;
} }
if (snprintf(template, PATH_MAX, "%s/TEMPLATE", if (virAsprintf(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) {
APPARMOR_DIR "/libvirt") > PATH_MAX - 1) {
vah_error(NULL, 0, _("template name exceeds maximum length")); vah_error(NULL, 0, _("template name exceeds maximum length"));
goto end; goto end;
} }
...@@ -409,6 +414,7 @@ create_profile(const char *profile, const char *profile_name, ...@@ -409,6 +414,7 @@ create_profile(const char *profile, const char *profile_name,
clean_tcontent: clean_tcontent:
VIR_FREE(tcontent); VIR_FREE(tcontent);
end: end:
VIR_FREE(template);
return rc; return rc;
} }
...@@ -1134,8 +1140,8 @@ main(int argc, char **argv) ...@@ -1134,8 +1140,8 @@ main(int argc, char **argv)
vahControl _ctl, *ctl = &_ctl; vahControl _ctl, *ctl = &_ctl;
virBuffer buf = VIR_BUFFER_INITIALIZER; virBuffer buf = VIR_BUFFER_INITIALIZER;
int rc = -1; int rc = -1;
char profile[PATH_MAX]; char *profile = NULL;
char include_file[PATH_MAX]; char *include_file = NULL;
if (setlocale(LC_ALL, "") == NULL || if (setlocale(LC_ALL, "") == NULL ||
bindtextdomain(PACKAGE, LOCALEDIR) == NULL || bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
...@@ -1164,13 +1170,13 @@ main(int argc, char **argv) ...@@ -1164,13 +1170,13 @@ main(int argc, char **argv)
if (vahParseArgv(ctl, argc, argv) != 0) if (vahParseArgv(ctl, argc, argv) != 0)
vah_error(ctl, 1, _("could not parse arguments")); vah_error(ctl, 1, _("could not parse arguments"));
if (snprintf(profile, PATH_MAX, "%s/%s", if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", ctl->uuid) > PATH_MAX - 1) APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 1, _("profile name exceeds maximum length")); vah_error(ctl, 0, _("could not allocate memory"));
if (snprintf(include_file, PATH_MAX, "%s/%s.files", if (virAsprintf(&include_file, "%s/%s.files",
APPARMOR_DIR "/libvirt", ctl->uuid) > PATH_MAX - 1) APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 1, _("disk profile name exceeds maximum length")); vah_error(ctl, 0, _("could not allocate memory"));
if (ctl->cmd == 'a') if (ctl->cmd == 'a')
rc = parserLoad(ctl->uuid); rc = parserLoad(ctl->uuid);
...@@ -1258,5 +1264,9 @@ main(int argc, char **argv) ...@@ -1258,5 +1264,9 @@ main(int argc, char **argv)
} }
vahDeinit(ctl); vahDeinit(ctl);
VIR_FREE(profile);
VIR_FREE(include_file);
exit(rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE); exit(rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册