libselinux: limit has buffer size
The `struct selabel_digest` member `hashbuf_size` is used to compute hashes via `Sha1Update()`, which takes uint32_t as length parameter type. Use that same type for `hashbuf_size` to avoid potential value truncations, as the overflow check in `digest_add_specfile()` on `hashbuf_size` is based on it. label_support.c: In function ‘digest_gen_hash’: label_support.c:125:53: warning: conversion from ‘size_t’ {aka ‘long unsigned int’} to ‘uint32_t’ {aka ‘unsigned int’} may change value [-Wconversion] 125 | Sha1Update(&context, digest->hashbuf, digest->hashbuf_size); | ~~~~~~^~~~~~~~~~~~~~ Acked-by: James Carter <jwcart2@gmail.com> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
parent
9d57ab6c32
commit
0aa974a439
|
@ -57,7 +57,7 @@ int selabel_service_init(struct selabel_handle *rec,
|
|||
struct selabel_digest {
|
||||
unsigned char *digest; /* SHA1 digest of specfiles */
|
||||
unsigned char *hashbuf; /* buffer to hold specfiles */
|
||||
size_t hashbuf_size; /* buffer size */
|
||||
uint32_t hashbuf_size; /* buffer size */
|
||||
size_t specfile_cnt; /* how many specfiles processed */
|
||||
char **specfile_list; /* and their names */
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue