[apparmor] [PATCH 2/3] parser: Never leave entries list in a bad state
Steve Beattie
steve at nxnw.org
Wed Sep 11 10:23:05 UTC 2013
On Wed, Sep 11, 2013 at 01:42:31AM -0700, Tyler Hicks wrote:
> When merging file entries in process_file_entries(), an error condition
> can leave the entries list in a bad state which can cause invalid reads
> and/or double frees when freeing the codomain and entries list memory.
>
> The problem comes from the need to sort the entries linked list. An
> array of pointers is created to represent the linked list, then the
> array is sorted, then the linked list and the array coexist while the
> entries are merged, then the linked list is reconstructed and the array
> is freed. While the entries are being merged, an error condition can
> occur and the function can return while the linked list is partially
> modified.
>
> The solution is to complete the sorting, reconstruct the linked list,
> and free the array immediately. Once the linked list is in a good state,
> the entries can be merged. Care is taken to adjust the linked list
> pointers as entries are merged. An error condition can occur but the
> linked list is always in a good state and proper cleanup can be
> performed without any memory access issues.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: Steve Beattie <steve at nxnw.org>

I might consider lifting the sort of the file entries out into its own
function, just to make clear the separation between the two steps.

--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
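
The ordering the quoted commit message describes (finish the sort, relink the list and free the array first, merge only afterwards), with the sort in its own function as the reply suggests. This is an added example, not part of the original mail and not the AppArmor parser's code; the struct, the function names and the XMASK conflict rule are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a parser file entry; not AppArmor's struct. */
struct entry { const char *name; int mode; struct entry *next; };
#define XMASK 0xf0 /* constructed rule: two different XMASK values conflict */
static int cmp(const void *a, const void *b) { /* qsort: order by name */
    return strcmp((*(struct entry *const *)a)->name, (*(struct entry *const *)b)->name);
}

/* Step 1: sort via a temporary array, relink, free it. List valid on return. */
int sort_entries(struct entry **head) {
    size_t n = 0, i = 0;
    struct entry *e, **tab;
    for (e = *head; e; e = e->next) n++;
    if (n < 2) return 0;
    if (!(tab = malloc(n * sizeof(*tab)))) return -1; /* list untouched */
    for (e = *head; e; e = e->next) tab[i++] = e;
    qsort(tab, n, sizeof(*tab), cmp);
    for (i = 0; i < n; i++) tab[i]->next = i + 1 < n ? tab[i + 1] : NULL;
    *head = tab[0];
    free(tab);
    return 0;
}

/* Step 2: merge duplicates; unlink before free so an error return is safe. */
int merge_entries(struct entry *cur) {
    struct entry *dup;
    while (cur && (dup = cur->next)) {
        int a = cur->mode & XMASK, b = dup->mode & XMASK;
        if (strcmp(cur->name, dup->name)) { cur = dup; continue; }
        if (a && b && a != b) return -1; /* error: list still valid */
        cur->mode |= dup->mode;
        cur->next = dup->next;
        free(dup);
    }
    return 0;
}
/* Helpers: prepend an entry; free the list and return the node count. */
int push(struct entry **head, const char *name, int mode) {
    struct entry *e = malloc(sizeof(*e));
    if (!e) return -1;
    e->name = name; e->mode = mode; e->next = *head; *head = e;
    return 0;
}
int free_entries(struct entry *e) {
    int n = 0;
    for (struct entry *nx = NULL; e; e = nx, n++) { nx = e->next; free(e); }
    return n;
}
```

A caller runs sort_entries() and then merge_entries(); if either returns -1, free_entries() still walks every remaining node exactly once.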