[PATCH 2/2] UBUNTU: SAUCE: AppArmor: Fix off by 2 error in getprocattr mem allocation

John Johansen john.johansen at canonical.com
Thu Oct 8 20:45:11 UTC 2009


BugLink: http://bugs.launchpad.net/bugs/446595

In AppArmor's get procattr interface when a namespace is defined the
allocation is not large enough for <ns_name> + "://" + <profile_name>, so
AppArmor overwrites 2 bytes of memory it has not allocated.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 ubuntu/apparmor/procattr.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ubuntu/apparmor/procattr.c b/ubuntu/apparmor/procattr.c
index 834cfab..e83f04f 100644
--- a/ubuntu/apparmor/procattr.c
+++ b/ubuntu/apparmor/procattr.c
@@ -49,7 +49,7 @@ int aa_getprocattr(struct aa_namespace *ns, struct aa_profile *profile,
 
 		len = strlen(unconfined_str);
 		if (ns != default_namespace)
-			len += strlen(ns->base.name) + 1;
+			len += strlen(ns->base.name) + 3;	/* :// */
 
 		str = kmalloc(len + 1, GFP_ATOMIC);
 		if (!str)
-- 
1.6.3.3





More information about the kernel-team mailing list