[apparmor] [PATCH] Fix oops in audit_cb caused by overwriting ->peer

John Johansen john.johansen at canonical.com
Tue Mar 13 21:09:33 UTC 2018


On 03/13/2018 01:52 PM, Goldwyn Rodrigues wrote:
> From: Goldwyn Rodrigues <rgoldwyn at suse.com>
> 

So apparmor-next already has an alternative patch for this, instead of lifting peer out of the union
it migrates the rlimi struct into the second union, which helps to keep the struct size down.

commit b5beb07ad32ab533027aa988d96a44965ec116f7
Author: John Johansen <john.johansen at canonical.com>
Date:   Fri Feb 9 04:57:39 2018 -0800

    apparmor: fix resource audit messages when auditing peer
    
    Resource auditing is using the peer field which is not available
    when the rlim data struct is used, because it is a different element
    of the same union. Accessing peer during resource auditing could
    cause garbage log entries or even oops the kernel.
    
    Move the rlim data block into the same struct as the peer field
    so they can be used together.
    
    CC: <stable at vger.kernel.org>
    Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
    Signed-off-by: John Johansen <john.johansen at canonical.com>

diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 4ac095118717..2ebc00a579fd 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -126,6 +126,10 @@ struct apparmor_audit_data {
                                        const char *target;
                                        kuid_t ouid;
                                } fs;
+                               struct {
+                                       int rlim;
+                                       unsigned long max;
+                               } rlim;
                                int signal;
                        };
                };
@@ -134,10 +138,6 @@ struct apparmor_audit_data {
                        const char *ns;
                        long pos;
                } iface;
-               struct {
-                       int rlim;
-                       unsigned long max;
-               } rlim;
                struct {
                        const char *src_name;
                        const char *type;




More information about the AppArmor mailing list