[apparmor] [patch] Fix crash in serialize_profile_from_old_profiles()

Seth Arnold seth.arnold at canonical.com
Wed Apr 8 22:25:07 UTC 2015


On Thu, Apr 09, 2015 at 12:04:13AM +0200, Christian Boltz wrote:
> 
> The patch wraps the hasher usage with a check for the parent element to
> avoid auto-creation of empty childs, which then lead to the above crash.

This also changes the indent level of two of the tests -- is that
intentional?

Thanks

> 
> BTW: This is another issue uncovered by the LibreOffice profile ;-)
> 
> I propose this patch for trunk and 2.9
> 
> 
> [ 36-fix-crash-in-serialize_profile_from_old_profiles.diff ]
> 
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-04-08 23:19:51.430530492 +0200
> +++ utils/apparmor/aa.py        2015-04-08 23:46:19.106608343 +0200
> @@ -4125,14 +4125,17 @@
>                  else:
>                      tmpmode = str_to_mode(mode)
>  
> -                if not write_prof_data[hat][allow]['path'][path].get('mode', set()) & tmpmode:
> +                if not write_prof_data[hat][allow]['path'].get(path):
>                      correct = False
> +                else:
> +                    if not write_prof_data[hat][allow]['path'][path].get('mode', set()) & tmpmode:
> +                        correct = False
>  
> -                if nt_name and not write_prof_data[hat][allow]['path'][path].get('to', False) == nt_name:
> -                    correct = False
> +                    if nt_name and not write_prof_data[hat][allow]['path'][path].get('to', False) == nt_name:
> +                        correct = False
>  
> -                if audit and not write_prof_data[hat][allow]['path'][path].get('audit', set()) & tmpmode:
> -                    correct = False
> +                    if audit and not write_prof_data[hat][allow]['path'][path].get('audit', set()) & tmpmode:
> +                        correct = False
>  
>                  if correct:
>                      if not segments['path'] and True in segments.values():
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150408/66b94e6a/attachment.pgp>


More information about the AppArmor mailing list