audit: fix signedness bug in audit_log_execve_info()

In the loop, a size_t "len" is used to hold the return value of audit_log_single_execve_arg(), which returns -1 on error. In that case the error handling (len <= 0) will be bypassed since "len" is unsigned, and the loop continues with (p += len) being wrapped. Change the type of "len" to signed int to fix the error handling. size_t len; ... for (...) { len = audit_log_single_execve_arg(...); if (len <= 0) break; p += len; } Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Xi Wang <xi.wang@gmail.com> 2011-12-20 18:39:41 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-12 00:25:13 -0500
commit: ecb7319430fa406924a67e9f3ea993d04aab5f95 (patch)
tree: 793ca9be593609dfae82874e4b73c05e55b040a0
parent: 9d8b12c65545b1c0e1e015c5d8e4a859d22f1049 (diff)
download: audit-ecb7319430fa406924a67e9f3ea993d04aab5f95.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 593237e3654d4..86584ecb1039e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1362,8 +1362,8 @@ static void audit_log_execve_info(struct audit_context *context,
 				  struct audit_buffer **ab,
 				  struct audit_aux_data_execve *axi)
 {
-	int i;
-	size_t len, len_sent = 0;
+	int i, len;
+	size_t len_sent = 0;
 	const char __user *p;
 	char *buf;
author	Xi Wang <xi.wang@gmail.com>	2011-12-20 18:39:41 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-12 00:25:13 -0500
commit	ecb7319430fa406924a67e9f3ea993d04aab5f95 (patch)
tree	793ca9be593609dfae82874e4b73c05e55b040a0
parent	9d8b12c65545b1c0e1e015c5d8e4a859d22f1049 (diff)
download	audit-ecb7319430fa406924a67e9f3ea993d04aab5f95.tar.gz