summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2012-02-16 07:06:41 -0800
committerJohn Johansen <john.johansen@canonical.com>2012-02-27 11:38:20 -0800
commitcdbd2884df8ad026143bb482a96d38e616947b17 (patch)
tree5a6490419450ee4fe7ae08c1fb57526f8e7c3cc3
parentd384b0a1a35f87f0ad70c29518f98f922b1c15cb (diff)
downloadlinux-cdbd2884df8ad026143bb482a96d38e616947b17.tar.bz2
AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
-rw-r--r--security/apparmor/policy_unpack.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 741dd13e089b..5c46acf5aa65 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
goto fail;
if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
goto fail;
+ if (!unpack_nameX(e, AA_STRUCTEND, NULL))
+ goto fail;
}
if (!unpack_rlimits(e, profile))