Fix incorrect strnlen length in aa_load.c load_policy_dir

POSIX states that d_name has up to NAME_MAX (255) characters, and glibc stores d_name as an array of size NAME_MAX+1 (256). Thus, supplying PATH_MAX (4096) as the max length could trigger a buffer overrun. This could be an even bigger issue on other libcs, as POSIX states that d_name can be unsized. Fortunately, this does not seem to cause actual issues, as the length is only used to compare d_name to a short fixed string. However, it'd be better to pass the actual correct max length to strnlen. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-03-04 08:24:42 +01:00 · 2024-08-06 12:44:47 -07:00 · 2024-08-06 12:44:47 -07:00 · 322a98c8c9
commit 322a98c8c9
parent ed3bc55d35
1 changed files with 2 additions and 1 deletions
--- a/binutils/aa_load.c
+++ b/binutils/aa_load.c
@ -172,7 +172,8 @@ static int load_policy_dir(const char *dir_path)
 	while ((dir = readdir(d)) != NULL) {
 		/* Only check regular files for now */
 		if (dir->d_type == DT_REG) {
-			len = strnlen(dir->d_name, PATH_MAX);
+			/* As per POSIX dir->d_name has at most NAME_MAX characters */
+			len = strnlen(dir->d_name, NAME_MAX);
 			/* Ignores .features */
 			if (strncmp(dir->d_name, CACHE_FEATURES_FILE, len) == 0) {
 				continue;