apparmor: replace sprintf with snprintf in aa_new_learning_profile
authorThorsten Blum <thorsten.blum@linux.dev>
Sat, 22 Nov 2025 11:54:46 +0000 (12:54 +0100)
committerJohn Johansen <john.johansen@canonical.com>
Fri, 16 Jan 2026 18:46:54 +0000 (10:46 -0800)
Replace unbounded sprintf() calls with snprintf() to prevent potential
buffer overflows in aa_new_learning_profile(). While the current code
works correctly, snprintf() is safer and follows secure coding best
practices.  No functional changes.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy.c

index 50d5345ff5cbab40aa5bd4752ffa22144f4dd448..b09323867feaae728f1bea543fd5d311da1773cd 100644 (file)
@@ -697,24 +697,27 @@ struct aa_profile *aa_new_learning_profile(struct aa_profile *parent, bool hat,
        struct aa_profile *p, *profile;
        const char *bname;
        char *name = NULL;
+       size_t name_sz;
 
        AA_BUG(!parent);
 
        if (base) {
-               name = kmalloc(strlen(parent->base.hname) + 8 + strlen(base),
-                              gfp);
+               name_sz = strlen(parent->base.hname) + 8 + strlen(base);
+               name = kmalloc(name_sz, gfp);
                if (name) {
-                       sprintf(name, "%s//null-%s", parent->base.hname, base);
+                       snprintf(name, name_sz, "%s//null-%s",
+                                parent->base.hname, base);
                        goto name;
                }
                /* fall through to try shorter uniq */
        }
 
-       name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, gfp);
+       name_sz = strlen(parent->base.hname) + 2 + 7 + 8;
+       name = kmalloc(name_sz, gfp);
        if (!name)
                return NULL;
-       sprintf(name, "%s//null-%x", parent->base.hname,
-               atomic_inc_return(&parent->ns->uniq_null));
+       snprintf(name, name_sz, "%s//null-%x", parent->base.hname,
+                atomic_inc_return(&parent->ns->uniq_null));
 
 name:
        /* lookup to see if this is a dup creation */
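Review bot: Both new snprintf() calls discard their return value, and name_sz is still worked out by hand from the literal lengths (`+ 8` and `+ 2 + 7 + 8`), so if the format string and that arithmetic ever drift apart the result is a silently truncated profile name instead of an overflow. The truncated name would then reach the duplicate lookup under the `name:` label; aa_new_learning_profile() begins and continues outside this hunk, so the effect on profile identity cannot be judged from here. Letting the allocator size the buffer removes the coupling: `name = kasprintf(gfp, "%s//null-%s", parent->base.hname, base);` and the same form for the `%x` fallback, keeping the existing NULL checks. If the explicit sizes stay, a comment such as `/* 8 = strlen("//null-") + NUL */` and a `WARN_ON_ONCE(snprintf(...) >= name_sz)` check would make a truncation visible.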