audit: fix signedness bug in audit_log_execve_info()
authorXi Wang <xi.wang@gmail.com>
Tue, 20 Dec 2011 23:39:41 +0000 (18:39 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 17 Jan 2012 21:17:03 +0000 (16:17 -0500)
commit5afb8a3f96573f7ea018abb768f5b6ebe1a6c1a4
treeda5f2278624eeb9dd09c91f3e9cfb6718a4b44ac
parent10d68360871657204885371cdf2594412675d2f9
audit: fix signedness bug in audit_log_execve_info()

In the loop, a size_t "len" is used to hold the return value of
audit_log_single_execve_arg(), which returns -1 on error.  In that
case the error handling (len <= 0) will be bypassed since "len" is
unsigned, and the loop continues with (p += len) being wrapped.
Change the type of "len" to signed int to fix the error handling.

size_t len;
...
for (...) {
len = audit_log_single_execve_arg(...);
if (len <= 0)
break;
p += len;
}

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
kernel/auditsc.c