[apparmor] [patch] libapparmor: fix aa_change_hat token format string
John Johansen
john.johansen at canonical.com
Thu Jan 23 10:57:33 UTC 2014
On 01/23/2014 02:44 AM, Steve Beattie wrote:
> This patch fixes the format string for the magic token in aa_change_hat
> to match the type of the magic token (long). Without this, on 64
> bit platforms, only the bottom 32 bits of the token would be used.
> aa_change_hatv() has the correct format string, so an aa_change_hatv()
> call followed by an exiting aa_change_hat() call would result in
> the latter having a different token, which would cause the process
> to be killed by apparmor. An aa_change_hat() followed by another
> aa_change_hat() would be safe, as would platforms where int and long
> are the same size.
>
> This patch is for trunk and 2.8.
>
> (Hat tip to John Johansen for spotting the actual bug.)
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> libraries/libapparmor/src/kernel_interface.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: b/libraries/libapparmor/src/kernel_interface.c
> ===================================================================
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -355,7 +355,7 @@ int aa_change_hat(const char *subprofile
> int rc = -1;
> int len = 0;
> char *buf = NULL;
> - const char *fmt = "changehat %016x^%s";
> + const char *fmt = "changehat %016lx^%s";
>
> /* both may not be null */
> if (!(token || subprofile)) {
>
>
>
More information about the AppArmor
mailing list