ACK: [Bionic] [PATCH] UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load

Tyler Hicks tyhicks at canonical.com
Mon Apr 16 18:24:32 UTC 2018


On 04/14/2018 12:52 AM, John Johansen wrote:
> AppArmor is leaking the newly loaded profile and its proxy when
> the profile is an exact match to the currently loaded version.
> 
> In this case the match check results in the profile being skipped
> and put without dealing with the proxy and forwarding thus creating
> a circular refcount and a leak.
> 
> BugLink: http://bugs.launchpad.net/bugs/1750594
> Signed-off-by: John Johansen <john.johansen at canonical.com>

This looks correct to me. aa_replace_profiles() calls aa_unpack() ->
unpack_profile() -> aa_alloc_profile() -> aa_get_proxy() so calling
aa_put_proxy() in this short circuit makes sense.

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> ---
>  security/apparmor/policy.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index b0b58848c248..a92c167c9249 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -1003,6 +1003,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
>  			audit_policy(label, op, ns_name, ent->new->base.hname,
>  				     "same as current profile, skipping",
>  				     error);
> +			/* break refcount cycle with proxy. */
> +			aa_put_proxy(ent->new->label.proxy);
> +			ent->new->label.proxy = NULL;
>  			goto skip;
>  		}
>  
> 
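
Review bot: In the three added lines before `goto skip`, `ent->new->label.proxy` is set to NULL after the put, so everything that later touches `ent->new` on the skip path, including its final free, has to tolerate a NULL proxy. The hunk does not show that code, so it is worth confirming that the label free path checks for NULL before putting the proxy, and saying so in the commit message. The comment `/* break refcount cycle with proxy. */` would also read better if it named the two references that form the cycle, since only one side of it (the put on the proxy) is visible here.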

