[apparmor] libappamor: Fix mode string NUL-termination of aa_getcon() functions
Tyler Hicks
tyhicks at canonical.com
Wed Sep 4 21:49:12 UTC 2013
On 2013-09-04 14:41:04, Seth Arnold wrote:
> On Wed, Sep 04, 2013 at 01:17:12PM -0700, Tyler Hicks wrote:
> > r2125 caused a regression in aa_getpeercon_raw() when a NULL pointer was
> > passed into the mode parameter. Instead of unconditionally
> > NUL-terminating the con string before the mode portion of the security
> > context, it made it to where the NUL byte was only put into place when
> > mode was non-NULL.
> >
> > This resulted in the con string incorrectly containing the label and the
> > mode.
> >
> > fixes bug: https://launchpad.net/bugs/1220861
>
> Ha! Well-spotted. :)
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks!
>
> It doesn't look to me like 2.8 requires this patch -- is that correct?
Correct - it was caused by one of the D-Bus prereq patches so it isn't
in 2.8.
Tyler
>
> Thanks
>
> > --- libraries/libapparmor/src/kernel_interface.c 2013-08-26 23:54:26 +0000
> > +++ libraries/libapparmor/src/kernel_interface.c 2013-09-04 19:01:42 +0000
> > @@ -194,6 +194,7 @@
> > int rc = -1;
> > int fd, ret;
> > char *tmp = NULL;
> > + char *mode_str;
> > int size = 0;
> >
> > if (!buf || len <= 0) {
> > @@ -246,8 +247,9 @@
> > size++;
> > }
> >
> > + mode_str = parse_confinement_mode(buf, size);
> > if (mode)
> > - *mode = parse_confinement_mode(buf, size);
> > + *mode = mode_str;
> > }
> > rc = size;
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130904/dd6b0615/attachment.pgp>
More information about the AppArmor
mailing list