[PATCH 10/14] UBUNTU: SAUCE: apparmor: fix vec_unique for vectors larger than 8
John Johansen
john.johansen at canonical.com
Tue Aug 23 09:05:50 UTC 2016
the vec_unique path for large vectors is broken, leading to oopses
when a file handle is shared between 8 different security domains, and
then a profile replacement/removal causing a label invalidation (ie. not
all replacements) is done.
BugLink: http://bugs.launchpad.net/bugs/1579135
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/label.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 144d759..c11ca99 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -229,7 +229,7 @@ static inline int unique(struct aa_profile **vec, int n)
AA_BUG(!vec);
pos = 0;
- for (i = 1; 1 < n; i++) {
+ for (i = 1; i < n; i++) {
int res = profile_cmp(vec[pos], vec[i]);
AA_BUG(res > 0, "vec not sorted");
if (res == 0) {
--
2.7.4
More information about the kernel-team
mailing list