[apparmor] [PATCH 26/32] apparmor: fix fully qualified name parsing
John Johansen
john.johansen at canonical.com
Wed Jan 16 21:28:55 UTC 2013
currently apparmor name parsing is only correctly handling
:<NS>:<profile>
but
:<NS>://<profile>
is also a valid form and what is exported to userspace.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/lib.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index d6e1f21..d40bc59 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
*ns_name = skip_spaces(&name[1]);
if (split) {
/* overwrite ':' with \0 */
- *split = 0;
- name = skip_spaces(split + 1);
+ *split++ = 0;
+ if (strncmp(split, "//", 2) == 0)
+ split += 2;
+ name = skip_spaces(split);
} else
/* a ns name without a following profile is allowed */
name = NULL;
--
1.7.10.4
More information about the AppArmor
mailing list