[PATCH RESEND] audit: fix signedness bug in audit_log_execve_info()

From: Xi Wang
Date: Tue Dec 20 2011 - 18:41:12 EST

Next message: Mandeep Singh Baines: "Re: [PATCH 1/5 V3] cgroup: remove redundate get/put of old css_setfrom migrate"
Previous message: Tim Bird: "Re: Android mainlining project"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the loop, a size_t "len" is used to hold the return value of
audit_log_single_execve_arg(), which returns -1 on error. In that
case the error handling (len <= 0) will be bypassed since "len" is
unsigned, and the loop continues with (p += len) being wrapped.
Change the type of "len" to signed int to fix the error handling.

size_t len;
...
for (...) {
len = audit_log_single_execve_arg(...);
if (len <= 0)
break;
p += len;
}

Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
---
kernel/auditsc.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 47b7fc1..5b118d8 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context,
struct audit_buffer **ab,
struct audit_aux_data_execve *axi)
{
- int i;
- size_t len, len_sent = 0;
+ int i, len;
+ size_t len_sent = 0;
const char __user *p;
char *buf;

--
1.7.5.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mandeep Singh Baines: "Re: [PATCH 1/5 V3] cgroup: remove redundate get/put of old css_setfrom migrate"
Previous message: Tim Bird: "Re: Android mainlining project"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]