[LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer

public inbox for ltp@lists.linux.it
 help / color / mirror / Atom feed

* [LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer
@ 2026-01-07  8:06 Po-Hsu Lin via ltp
  2026-01-07  9:03 ` Andrea Cervesato via ltp
  0 siblings, 1 reply; 3+ messages in thread
From: Po-Hsu Lin via ltp @ 2026-01-07  8:06 UTC (permalink / raw)
  To: ltp; +Cc: po-hsu.lin

The tst_lsm_enabled() function reads /sys/kernel/security/lsm into an
uninitialized local stack buffer. The dirty stack might cause incorrect
parsing results for the last LSM and make string comparison to fail.

This issue was found on Ubuntu Noble 6.8.0-93.95 ppc64el, where apparmor
is the last LSM in the list:

  $ od -c /sys/kernel/security/lsm
  0000000   l   o   c   k   d   o   w   n   ,   c   a   p   a   b   i   l
  0000020   i   t   y   ,   l   a   n   d   l   o   c   k   ,   y   a   m
  0000040   a   ,   a   p   p   a   r   m   o   r
  0000052

But this issue makes it fail to parse the apparmor string correctly, and
leads to a lsm_get_self_attr02 test failure.

This can be reproduced by poisioning the memory with a non-null character,
along with the "selinux", "apparmor", or "smack" to be the last LSM in the
list.

Test will pass after zeroing out the buffer before reading.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 lib/tst_security.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tst_security.c b/lib/tst_security.c
index c51527135..00be4d72e 100644
--- a/lib/tst_security.c
+++ b/lib/tst_security.c
@@ -39,6 +39,8 @@ int tst_lsm_enabled(const char *name)
 	if (access(LSM_SYS_FILE, F_OK))
 		tst_brk(TCONF, "%s file is not present", LSM_SYS_FILE);

+	memset(data, 0, BUFSIZ);
+
 	fd = SAFE_OPEN(LSM_SYS_FILE, O_RDONLY);
 	SAFE_READ(0, fd, data, BUFSIZ);
 	SAFE_CLOSE(fd);
-- 
2.43.0

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer
  2026-01-07  8:06 [LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer Po-Hsu Lin via ltp
@ 2026-01-07  9:03 ` Andrea Cervesato via ltp
  2026-01-07  9:23   ` Petr Vorel
  0 siblings, 1 reply; 3+ messages in thread
From: Andrea Cervesato via ltp @ 2026-01-07  9:03 UTC (permalink / raw)
  To: Po-Hsu Lin, ltp

Thanks for fixing it. Merged.

Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Andrea Cervesato
SUSE QE Automation Engineer Linux
andrea.cervesato@suse.com


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer
  2026-01-07  9:03 ` Andrea Cervesato via ltp
@ 2026-01-07  9:23   ` Petr Vorel
  0 siblings, 0 replies; 3+ messages in thread
From: Petr Vorel @ 2026-01-07  9:23 UTC (permalink / raw)
  To: Andrea Cervesato; +Cc: Po-Hsu Lin, ltp

Hi all,

> +       memset(data, 0, BUFSIZ);

I'd slightly prefer to use {0}

char data[BUFSIZ] = {0};

But sure memset works as well.
Thanks for fixing it.

Kind regards,
Petr

> Thanks for fixing it. Merged.

> Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-01-07  9:23 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-07  8:06 [LTP] [PATCH] tst_security.c: fix lsm parsing failure due to uninitialized buffer Po-Hsu Lin via ltp
2026-01-07  9:03 ` Andrea Cervesato via ltp
2026-01-07  9:23   ` Petr Vorel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox