[apparmor] [patch 03/26] fix failure paths around policy that can result in a crash
Seth Arnold
seth.arnold at canonical.com
Wed Apr 16 01:01:01 UTC 2014
On Tue, Apr 15, 2014 at 05:11:10PM -0700, John Johansen wrote:
> we could do
>
> if (prof->policy.count > 0) {
> prof->policy.dfa = aare_create_dfa(prof->policy.rules,
> &prof->policy.size,
> dfaflags);
> if (!prof->policy.dfa)
> goto out;
> }
>
> # aare_delete_ruleset(prof->policy.rules);
> # prof->policy.rules = NULL;
>
> ! aare_reset_matchflags();
>
> error = 0;
>
> out:
> # aare_delete_ruleset(prof->policy.rules);
> # prof->policy.rules = NULL;
>
> return error;
>
> which removes one of the duplicates.
Oh, hooray. This looks easy enough to rewrite a bit. Though the error=0
might also be needed outside this if() block... but still it feels closer.
:)
if (prof->policy.count > 0) {
prof->policy.dfa = aare_create_dfa(prof->policy.rules,
&prof->policy.size,
dfaflags);
if (prof->policy.dfa)
error = 0;
}
# aare_delete_ruleset(prof->policy.rules);
# prof->policy.rules = NULL;
return error;
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140415/673e72fc/attachment-0001.pgp>
More information about the AppArmor
mailing list