From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
From: shenxiangwei <shenxiangwei1@huawei.com>
Date: Tue, 2 Aug 2022 21:11:44 +0800
Subject: [PATCH 1/2] fix echecker scan warning

Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
---
 lib/xattr.c      | 3 +++
 parsers/rpm.c    | 4 ++--
 src/rpm_parser.c | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/xattr.c b/lib/xattr.c
index 2aa9c96..3bfb35c 100644
--- a/lib/xattr.c
+++ b/lib/xattr.c
@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
 		return -ENODATA;
 
 	*buf_len = ret;
+	if (*buf_len > 65536)
+		return -ENOMEM;
+
 	*buf = malloc(*buf_len);
 	if (!*buf)
 		return -ENOMEM;
diff --git a/parsers/rpm.c b/parsers/rpm.c
index e344e30..fc6122e 100644
--- a/parsers/rpm.c
+++ b/parsers/rpm.c
@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
 
 	for (i = 0; i < digests_count && digests < bufendp; i++) {
 		u16 modifiers = 0;
-		int digest_str_len = strlen(digests);
-		int basename_str_len = strlen(basenames);
+		size_t digest_str_len = strlen(digests);
+		size_t basename_str_len = strlen(basenames);
 		int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
 		char *obj_label;
 		u16 mode = 0;
diff --git a/src/rpm_parser.c b/src/rpm_parser.c
index 2cb4219..abb4754 100644
--- a/src/rpm_parser.c
+++ b/src/rpm_parser.c
@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
 		algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
 
 	for (i = 0; i < digests_count && digests < bufendp; i++) {
-		int digest_str_len = strlen(digests);
-		int basename_str_len = strlen(basenames);
+		size_t digest_str_len = strlen(digests);
+		size_t basename_str_len = strlen(basenames);
 		u32 dirindex = 0;
 
 		if ((basenames &&
-- 
2.27.0