[apparmor] [PATCH 1/7] libapparmor: Safeguard aa_getpeercon buffer reallocation

Seth Arnold seth.arnold at canonical.com
Mon Jun 24 18:23:00 UTC 2013


On Sun, Jun 23, 2013 at 04:23:13PM -0700, Tyler Hicks wrote:
> From: John Johansen <john.johansen at canonical.com>
> 
> Protect against bugs in AppArmor's getsockopt() LSM hook from sending
> aa_getpeercon() into an infinite loop.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

> ---
>  libraries/libapparmor/src/kernel_interface.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index 8252b88..1c3b4df 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -599,7 +599,7 @@ out:
>   */
>  int aa_getpeercon(int fd, char **con)
>  {
> -	int rc, size = INITIAL_GUESS_SIZE;
> +	int rc, last_size, size = INITIAL_GUESS_SIZE;
>  	char *buffer = NULL;
>  
>  	if (!con) {
> @@ -608,13 +608,15 @@ int aa_getpeercon(int fd, char **con)
>  	}
>  
>  	do {
> +		last_size = size;
>  		buffer = realloc(buffer, size);
>  		if (!buffer)
>  			return -1;
>  		memset(buffer, 0, size);
>  
>  		rc = aa_getpeercon_raw(fd, buffer, &size);
> -	} while (rc == -1 && errno == ERANGE);
> +		/* size should contain actual size needed if errno == ERANGE */
> +	} while (rc == -1 && errno == ERANGE && size > last_size);
>  
>  	if (rc == -1) {
>  		free(buffer);
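
Review bot: In the new loop condition `size > last_size`, when aa_getpeercon_raw() fails with ERANGE but does not raise size, the loop exits with rc == -1 and errno still ERANGE. As far as the visible lines show, the `if (rc == -1)` branch then reports a too-small-buffer error that the caller cannot act on, since aa_getpeercon() owns the buffer. Consider setting a distinct errno on that path, or documenting that ERANGE from aa_getpeercon() means the kernel reported an inconsistent size. Separately, in the context lines, `buffer = realloc(buffer, size);` followed by `return -1` on NULL drops the previous allocation on any iteration after the first. Assigning the result to a temporary and freeing the old buffer on failure would avoid that leak.
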
> -- 
> 1.8.1.2