[Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load

John Johansen john.johansen at canonical.com
Sat Apr 14 05:52:58 UTC 2018


AppArmor is leaking the newly loaded profile and its proxy when
the profile is an exact match to the currently loaded version.

In this case the match check results in the profile being skipped
and put without dealing with the proxy and forwarding, thus creating
a circular refcount and a leak.

BugLink: http://bugs.launchpad.net/bugs/1750594
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/policy.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index b0b58848c248..a92c167c9249 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1003,6 +1003,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
 			audit_policy(label, op, ns_name, ent->new->base.hname,
 				     "same as current profile, skipping",
 				     error);
+			/* break refcount cycle with proxy. */
+			aa_put_proxy(ent->new->label.proxy);
+			ent->new->label.proxy = NULL;
 			goto skip;
 		}
 
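Review bot: The comment on the added aa_put_proxy() call says only "break refcount cycle with proxy", which does not tell a later reader which object holds which reference. Going by the commit message, the skipped profile and its proxy keep each other alive, so a sentence to that effect in the comment would explain why the put has to happen in this branch and not at the skip label. Once ent->new->label.proxy is set to NULL, everything reached through "goto skip" and the eventual teardown of ent->new has to tolerate a NULL proxy. That code is not visible in this hunk, so please confirm it, and confirm whether any other path that leaves ent->new unused needs the same put.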
-- 
2.14.1




