linux/security/apparmor
Massimiliano Pellizzer 08020dbe31 apparmor: fix signedness bug in unpack_tags()
Smatch static checker warning:
    security/apparmor/policy_unpack.c:966 unpack_pdb()
    warn: unsigned 'unpack_tags(e, &pdb->tags, info)' is never less than zero.

unpack_tags() is declared with return type size_t (unsigned) but returns
negative errno values on failure. The caller in unpack_pdb() tests the
return with `< 0`, which is always false for an unsigned type, making
error handling dead code. Malformed tag data would be silently accepted
instead of causing a load failure.

Change return type of unpack_tags() from size_t to int to match the
function's actual semantics.

Fixes: 3d28e2397a ("apparmor: add support loading per permission tagging")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Massimiliano Pellizzer <mpellizzer.dev@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2026-02-18 11:50:20 -08:00
include apparmor: split xxx_in_ns into its two separate semantic use cases 2026-01-29 01:27:55 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
.kunitconfig apparmor: add .kunitconfig 2026-02-01 12:01:19 -08:00
af_unix.c apparmor: split xxx_in_ns into its two separate semantic use cases 2026-01-29 01:27:55 -08:00
apparmorfs.c apparmor: fix invalid deref of rawdata when export_binary is unset 2026-02-02 03:31:35 -08:00
audit.c apparmor: add support for profiles to define the kill signal 2025-01-18 06:47:12 -08:00
capability.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
crypto.c apparmor: move initcalls to the LSM framework 2025-10-22 19:24:27 -04:00
domain.c apparmor: split xxx_in_ns into its two separate semantic use cases 2026-01-29 01:27:55 -08:00
file.c apparmor: fix fast path cache check for unix sockets 2026-01-29 01:27:54 -08:00
ipc.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
Kconfig Revert "apparmor: use SHA-256 library API instead of crypto_shash API" 2025-07-15 22:39:22 -07:00
label.c apparmor: fix aa_label to return state from compount and component match 2026-02-02 04:16:26 -08:00
lib.c apparmor: add support loading per permission tagging 2026-01-29 01:27:47 -08:00
lsm.c apparmor: cleanup remove unused percpu critical sections in buffer management 2026-01-29 01:27:55 -08:00
Makefile apparmor: make all generated string array headers const char *const 2025-05-25 20:15:01 -07:00
match.c apparmor: Fix & Optimize table creation from possibly unaligned memory 2026-01-22 04:52:25 -08:00
mount.c apparmor: transition from a list of rules to a vector of rules 2025-07-20 02:31:06 -07:00
net.c apparmor: fix NULL sock in aa_sock_file_perm 2026-01-22 04:51:55 -08:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c apparmor: Replace deprecated strcpy in d_namespace_path 2026-01-18 06:53:18 -08:00
policy.c apparmor: guard against free routines being called with a NULL 2026-01-29 01:27:54 -08:00
policy_compat.c apparmor: add support loading per permission tagging 2026-01-29 01:27:47 -08:00
policy_ns.c apparmor: Improve debug print infrastructure 2025-01-18 06:47:11 -08:00
policy_unpack.c apparmor: fix signedness bug in unpack_tags() 2026-02-18 11:50:20 -08:00
policy_unpack_test.c + Features 2025-08-04 08:17:28 -07:00
procattr.c apparmor: Improve debug print infrastructure 2025-01-18 06:47:11 -08:00
resource.c apparmor: fix rlimit for posix cpu timers 2026-01-29 01:27:54 -08:00
secid.c lsm: secctx provider check on release 2024-12-04 14:59:57 -05:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: userns: Add support for execpath in userns 2026-01-29 01:27:53 -08:00