Re: [apparmor] [PATCH RESEND] apparmor: Fix string overrun due to missing termination

Next message: Sean Christopherson: "Re: [PATCH v4 4/6] KVM: x86/pmu: Re-evaluate Host-Only/Guest-Only on nested SVM transitions"
Previous message: Al Viro: "Re: [PATCH v2] cache the string generated by reading /proc/filesystems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Georgia Garcia

Date: Wed Apr 22 2026 - 18:42:21 EST

Hello,

On Fri, 2026-03-27 at 19:58 +0800, Daniel J Blueman wrote:
> This was introduced by previous incorrect conversion from strcpy(). Fix it
> by adding the missing terminator.
>

Looks good to me,

Reviewed-by: Georgia Garcia <georgia.garcia@xxxxxxxxxxxxx>

> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Daniel J Blueman <daniel@xxxxxxxxx>
> Fixes: 93d4dbdc8da0 ("apparmor: Replace deprecated strcpy in d_namespace_path")
> ---
> security/apparmor/path.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/security/apparmor/path.c b/security/apparmor/path.c
> index 65a0ca5cc1bd..2494e8101538 100644
> --- a/security/apparmor/path.c
> +++ b/security/apparmor/path.c
> @@ -164,14 +164,16 @@ static int d_namespace_path(const struct path *path, char *buf, char **name,
> }
>
> out:
> - /* Append "/" to directory paths, except for root "/" which
> - * already ends in a slash.
> + /* Append "/" to directory paths and reterminate string, except for
> + * root "/" which already ends in a slash.
> */
> if (!error && isdir) {
> bool is_root = (*name)[0] == '/' && (*name)[1] == '\0';
>
> - if (!is_root)
> + if (!is_root) {
> buf[aa_g_path_max - 2] = '/';
> + buf[aa_g_path_max - 1] = '\0';
> + }
> }
>
> return error;
> --
> 2.53.0