[PATCH 4/4] UBUNTU: SAUCE: AppArmor: Fix oops in profile verification if profile unpack fails.
john.johansen at canonical.com
john.johansen at canonical.com
Tue Mar 30 17:39:10 UTC 2010
From: John Johansen <john.johansen at canonical.com>
Profile verification should not be run if profile unpack fails, as this
will cause an oops trying to dereference invalid data.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy_unpack.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 20bdf9c..a475d7c 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -707,9 +707,10 @@ struct aa_profile *aa_unpack(void *udata, size_t size,
return ERR_PTR(error);
profile = unpack_profile(&e, sa);
- if (IS_ERR(profile))
+ if (IS_ERR(profile)) {
sa->pos = e.pos - e.start;
-
+ return profile;
+ }
error = verify_profile(profile, sa);
if (error) {
aa_put_profile(profile);
--
1.6.3.3
More information about the kernel-team
mailing list