[apparmor] libapparmor: Fix mode string NUL-termination of aa_getcon() functions
Seth Arnold
seth.arnold at canonical.com
Wed Sep 4 21:41:04 UTC 2013
On Wed, Sep 04, 2013 at 01:17:12PM -0700, Tyler Hicks wrote:
> r2125 caused a regression in aa_getpeercon_raw() when a NULL pointer was
> passed into the mode parameter. Instead of unconditionally
> NUL-terminating the con string before the mode portion of the security
> context, it made it to where the NUL byte was only put into place when
> mode was non-NULL.
>
> This resulted in the con string incorrectly containing the label and the
> mode.
>
> fixes bug: https://launchpad.net/bugs/1220861

Ha! Well-spotted. :)

Acked-by: Seth Arnold <seth.arnold at canonical.com>

It doesn't look to me like 2.8 requires this patch -- is that correct?

Thanks

> --- libraries/libapparmor/src/kernel_interface.c 2013-08-26 23:54:26 +0000
> +++ libraries/libapparmor/src/kernel_interface.c 2013-09-04 19:01:42 +0000
> @@ -194,6 +194,7 @@
> int rc = -1;
> int fd, ret;
> char *tmp = NULL;
> + char *mode_str;
> int size = 0;
>
> if (!buf || len <= 0) {
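
Review bot: `char *mode_str;` is declared at function scope without an initializer, while `char *tmp = NULL;` directly above it is initialized. In the lines shown, mode_str is assigned and read only inside the block changed by the next hunk, so declaring it at the top of that block, or initializing it to NULL here, would keep its lifetime obvious and avoid an uninitialized read if another path through the function ever touches it.
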
> @@ -246,8 +247,9 @@
> size++;
> }
>
> + mode_str = parse_confinement_mode(buf, size);
> if (mode)
> - *mode = parse_confinement_mode(buf, size);
> + *mode = mode_str;
> }
> rc = size;