[apparmor] [PATCH 05/20] AppArmor: Add mising end of structure test to caps unpacking
John Johansen
john.johansen at canonical.com
Wed Feb 22 17:22:48 UTC 2012
The unpacking of struct capsx is missing a check for the end of the
caps structure. This can lead to unpack failures depending on what else
is packed into the policy file being unpacked.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy_unpack.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 741dd13..5c46acf 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
goto fail;
if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
goto fail;
+ if (!unpack_nameX(e, AA_STRUCTEND, NULL))
+ goto fail;
}
if (!unpack_rlimits(e, profile))
--
1.7.9
More information about the AppArmor
mailing list