[apparmor] libapparmor: Fix mode string NUL-termination of aa_getcon() functions
Tyler Hicks
tyhicks at canonical.com
Wed Sep 4 20:17:12 UTC 2013
r2125 caused a regression in aa_getpeercon_raw() when a NULL pointer was
passed into the mode parameter. Instead of unconditionally
NUL-terminating the con string before the mode portion of the security
context, it made it to where the NUL byte was only put into place when
mode was non-NULL.
This resulted in the con string incorrectly containing the label and the
mode.
fixes bug: https://launchpad.net/bugs/1220861
--- libraries/libapparmor/src/kernel_interface.c 2013-08-26 23:54:26 +0000
+++ libraries/libapparmor/src/kernel_interface.c 2013-09-04 19:01:42 +0000
@@ -194,6 +194,7 @@
int rc = -1;
int fd, ret;
char *tmp = NULL;
+ char *mode_str;
int size = 0;
if (!buf || len <= 0) {
@@ -246,8 +247,9 @@
size++;
}
+ mode_str = parse_confinement_mode(buf, size);
if (mode)
- *mode = parse_confinement_mode(buf, size);
+ *mode = mode_str;
}
rc = size;
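Review bot: In the second hunk, the now-unconditional call `mode_str = parse_confinement_mode(buf, size);` is kept purely for its side effect on buf when mode is NULL, and nothing at the call site says so. Going by the commit message, that call is what places the NUL byte between the label and the mode portion, so a later cleanup could move it back under `if (mode)` and reintroduce the same regression. Add a short comment above the call stating that it must run even when mode is NULL because it terminates the label in buf, and consider a regression test that passes a NULL mode and checks that the returned context holds the label only.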