diff options
author | Xi Wang <xi.wang@gmail.com> | 2011-12-20 18:39:41 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-12 00:25:13 -0500 |
commit | ecb7319430fa406924a67e9f3ea993d04aab5f95 (patch) | |
tree | 793ca9be593609dfae82874e4b73c05e55b040a0 | |
parent | 9d8b12c65545b1c0e1e015c5d8e4a859d22f1049 (diff) | |
download | audit-ecb7319430fa406924a67e9f3ea993d04aab5f95.tar.gz |
audit: fix signedness bug in audit_log_execve_info()
In the loop, a size_t "len" is used to hold the return value of
audit_log_single_execve_arg(), which returns -1 on error. In that
case the error handling (len <= 0) will be bypassed since "len" is
unsigned, and the loop continues with (p += len) being wrapped.
Change the type of "len" to signed int to fix the error handling.
size_t len;
...
for (...) {
len = audit_log_single_execve_arg(...);
if (len <= 0)
break;
p += len;
}
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | kernel/auditsc.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 593237e3654d4..86584ecb1039e 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1362,8 +1362,8 @@ static void audit_log_execve_info(struct audit_context *context, struct audit_buffer **ab, struct audit_aux_data_execve *axi) { - int i; - size_t len, len_sent = 0; + int i, len; + size_t len_sent = 0; const char __user *p; char *buf; |