External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

virt-aa-helper: Remove PATH_MAX sized stack allocations

Browse Source
This commit is contained in:
Matthias Bolte 2011-04-03 11:21:17 +02:00
parent 859efe7f88
commit 97176c6350
1 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/security/virt-aa-helper.c
View File

@ -188,8 +188,9 @@ replace_string(char *orig, const size_t len, const char *oldstr,
static int static int
parserCommand(const char *profile_name, const char cmd) parserCommand(const char *profile_name, const char cmd)
{ {
int result = -1;
char flag[3]; char flag[3];
char profile[PATH_MAX]; char *profile;
int status; int status;
int ret; int ret;
@ -200,15 +201,15 @@ parserCommand(const char *profile_name, const char cmd)
snprintf(flag, 3, "-%c", cmd); snprintf(flag, 3, "-%c", cmd);
if (snprintf(profile, PATH_MAX, "%s/%s", if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", profile_name) > PATH_MAX - 1) { APPARMOR_DIR "/libvirt", profile_name) < 0) {
vah_error(NULL, 0, _("profile name exceeds maximum length")); vah_error(NULL, 0, _("profile name exceeds maximum length"));
return -1; return -1;
} }
if (!virFileExists(profile)) { if (!virFileExists(profile)) {
vah_error(NULL, 0, _("profile does not exist")); vah_error(NULL, 0, _("profile does not exist"));
return -1; goto cleanup;
} else { } else {
const char * const argv[] = { const char * const argv[] = {
"/sbin/apparmor_parser", flag, profile, NULL "/sbin/apparmor_parser", flag, profile, NULL
@ -217,18 +218,23 @@ parserCommand(const char *profile_name, const char cmd)
(WIFEXITED(status) && WEXITSTATUS(status) != 0)) { (WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
if (ret != 0) { if (ret != 0) {
vah_error(NULL, 0, _("failed to run apparmor_parser")); vah_error(NULL, 0, _("failed to run apparmor_parser"));
return -1; goto cleanup;
} else if (cmd == 'R' && WIFEXITED(status) && } else if (cmd == 'R' && WIFEXITED(status) &&
WEXITSTATUS(status) == 234) { WEXITSTATUS(status) == 234) {
vah_warning(_("unable to unload already unloaded profile")); vah_warning(_("unable to unload already unloaded profile"));
} else { } else {
vah_error(NULL, 0, _("apparmor_parser exited with error")); vah_error(NULL, 0, _("apparmor_parser exited with error"));
return -1; goto cleanup;
} }
} }
} }
return 0; result = 0;
cleanup:
VIR_FREE(profile);
return result;
} }
/* /*
@ -308,7 +314,7 @@ static int
create_profile(const char *profile, const char *profile_name, create_profile(const char *profile, const char *profile_name,
const char *profile_files) const char *profile_files)
{ {
char template[PATH_MAX]; char *template;
char *tcontent = NULL; char *tcontent = NULL;
char *pcontent = NULL; char *pcontent = NULL;
char *replace_name = NULL; char *replace_name = NULL;
@ -324,8 +330,7 @@ create_profile(const char *profile, const char *profile_name,
goto end; goto end;
} }
if (snprintf(template, PATH_MAX, "%s/TEMPLATE", if (virAsprintf(&template, "%s/TEMPLATE", APPARMOR_DIR "/libvirt") < 0) {
APPARMOR_DIR "/libvirt") > PATH_MAX - 1) {
vah_error(NULL, 0, _("template name exceeds maximum length")); vah_error(NULL, 0, _("template name exceeds maximum length"));
goto end; goto end;
} }
@ -409,6 +414,7 @@ create_profile(const char *profile, const char *profile_name,
clean_tcontent: clean_tcontent:
VIR_FREE(tcontent); VIR_FREE(tcontent);
end: end:
VIR_FREE(template);
return rc; return rc;
} }
@ -1134,8 +1140,8 @@ main(int argc, char **argv)
vahControl _ctl, *ctl = &_ctl; vahControl _ctl, *ctl = &_ctl;
virBuffer buf = VIR_BUFFER_INITIALIZER; virBuffer buf = VIR_BUFFER_INITIALIZER;
int rc = -1; int rc = -1;
char profile[PATH_MAX]; char *profile = NULL;
char include_file[PATH_MAX]; char *include_file = NULL;
if (setlocale(LC_ALL, "") == NULL || if (setlocale(LC_ALL, "") == NULL ||
bindtextdomain(PACKAGE, LOCALEDIR) == NULL || bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
@ -1164,13 +1170,13 @@ main(int argc, char **argv)
if (vahParseArgv(ctl, argc, argv) != 0) if (vahParseArgv(ctl, argc, argv) != 0)
vah_error(ctl, 1, _("could not parse arguments")); vah_error(ctl, 1, _("could not parse arguments"));
if (snprintf(profile, PATH_MAX, "%s/%s", if (virAsprintf(&profile, "%s/%s",
APPARMOR_DIR "/libvirt", ctl->uuid) > PATH_MAX - 1) APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 1, _("profile name exceeds maximum length")); vah_error(ctl, 0, _("could not allocate memory"));
if (snprintf(include_file, PATH_MAX, "%s/%s.files", if (virAsprintf(&include_file, "%s/%s.files",
APPARMOR_DIR "/libvirt", ctl->uuid) > PATH_MAX - 1) APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
vah_error(ctl, 1, _("disk profile name exceeds maximum length")); vah_error(ctl, 0, _("could not allocate memory"));
if (ctl->cmd == 'a') if (ctl->cmd == 'a')
rc = parserLoad(ctl->uuid); rc = parserLoad(ctl->uuid);
@ -1258,5 +1264,9 @@ main(int argc, char **argv)
} }
vahDeinit(ctl); vahDeinit(ctl);
VIR_FREE(profile);
VIR_FREE(include_file);
exit(rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE); exit(rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
} }