[apparmor] [PATCH 26/32] apparmor: fix fully qualified name parsing

Seth Arnold seth.arnold at canonical.com
Fri Feb 1 01:11:54 UTC 2013


On Wed, Jan 16, 2013 at 01:28:55PM -0800, John Johansen wrote:
> currently apparmor name parsing is only correctly handling
> :<NS>:<profile>
> 
> but
> :<NS>://<profile>
> 
> is also a valid form and what is exported to userspace.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  security/apparmor/lib.c |    6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Hrm, I think the current code and this change aren't very resilient to
an illegal input; what happens if the input is:

:<ns>:

It feels like the : would be over-written with \0, but name would be set
to the next byte -- not in the input string.

I looked at the callers only briefly, but it didn't look like anything
would shield this code from bad inputs.

> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index d6e1f21..d40bc59 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
>  		*ns_name = skip_spaces(&name[1]);
>  		if (split) {
>  			/* overwrite ':' with \0 */
> -			*split = 0;
> -			name = skip_spaces(split + 1);
> +			*split++ = 0;
> +			if (strncmp(split, "//", 2) == 0)
> +				split += 2;
> +			name = skip_spaces(split);
>  		} else
>  			/* a ns name without a following profile is allowed */
>  			name = NULL;

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130131/0c883fce/attachment.pgp>


More information about the AppArmor mailing list