[PATCH 1/2] Revert "UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels"
John Johansen
john.johansen at canonical.com
Fri Sep 17 16:02:34 UTC 2010
This reverts commit 1cfe0dc4352e879fef46f597560b851cd4260beb.
Revert because the patch was missing uncommitted changes, so in its
commited form it allows for kernel buffer overflows.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy_unpack.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index ef11ba9..6b0637b 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -575,6 +575,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
size = unpack_array(e, "net_allowed_af");
if (size) {
+ if (size > AF_MAX)
+ goto fail;
+
for (i = 0; i < size; i++) {
if (!unpack_u16(e, &profile->net.allow[i], NULL))
goto fail;
--
1.7.1
More information about the kernel-team
mailing list