[PATCH] UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.
John Johansen
john.johansen at canonical.com
Mon Nov 1 22:24:17 UTC 2010
The unpacking of network rules unpacks 1 more rule than it should. It
should drop all rules with network types AF_MAX or greater.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy_unpack.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index c2b6225..d8ab6d3 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
/* discard extraneous rules that this kernel will
* never request
*/
- if (i > AF_MAX) {
+ if (i >= AF_MAX) {
u16 tmp;
if (!unpack_u16(e, &tmp, NULL) ||
!unpack_u16(e, &tmp, NULL) ||
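Review bot: The changelog should say what the one extra rule was doing before the check at `if (i >= AF_MAX) {` was corrected. With the old `i > AF_MAX` test, the entry for i == AF_MAX skipped the discard path and was handled like a valid family. If the destination tables are sized AF_MAX (valid indices 0 to AF_MAX - 1), that is a write one element past the end, driven by the contents of the policy blob being unpacked. That would make this a memory-safety fix, not only a cleanup. Please state in the commit message which it is and, if it is an out-of-bounds store, name the affected tables and mark the patch for the stable series that carry this code. The new comparison itself matches the stated intent of dropping all rules with network types AF_MAX or greater.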
--
1.7.1