[PATCH 2/5] UBUNTU: SAUCE: AppArmor: Fix Oops when in apparmor_bprm_set_creds

John Johansen john.johansen at canonical.com
Tue Nov 10 18:29:10 UTC 2009

BugLink: http://bugs.launchpad.net/bugs/437258

SRU Justification: This can cause an oops at 000068.  This will happen to
all processes confined or unconfined when name resolution fails at exec.
This can happen in a couple different cases, applications like psxe, and mugen
munge the process during their decrompress and set up links so that a valid
name does not exist.  The other way that this can happen is executing code
from a path that has been lazily unmounted.  This can occur with nfs and
automounters, or any mount point that gets unmounted with lazy unmount allowed.

If name resolution fails due on exec and a profile is not defined
then AppArmor will cause an oops due to a broken conditional leading to
dereferencing a profile pointer that is null.

Signed-off-by: John Johansen <john.johansen at canonical.com>
 ubuntu/apparmor/domain.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ubuntu/apparmor/domain.c b/ubuntu/apparmor/domain.c
index aa25be2..128e527 100644
--- a/ubuntu/apparmor/domain.c
+++ b/ubuntu/apparmor/domain.c
@@ -248,7 +248,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 	sa.base.error = aa_get_name(&bprm->file->f_path, 0, &buffer,
 				    (char **) &sa.name);
 	if (sa.base.error) {
-		if (profile || profile->flags & PFLAG_IX_ON_NAME_ERROR)
+		if (!profile || profile->flags & PFLAG_IX_ON_NAME_ERROR)
 			sa.base.error = 0;
 		sa.base.info = "Exec failed name resolution";
 		sa.name = bprm->filename;

More information about the kernel-team mailing list