Commit cdbd2884 authored Feb 16, 2012 by John Johansen

AppArmor: Add mising end of structure test to caps unpacking



The unpacking of struct capsx is missing a check for the end of the
caps structure.  This can lead to unpack failures depending on what else
is packed into the policy file being unpacked.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

parent d384b0a1

security/apparmor/policy_unpack.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -554,6 +554,8 @@ static struct aa_profile unpack_profile(struct aa_ext e)
		goto fail;
		if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
		goto fail;
		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;
		}

		if (!unpack_rlimits(e, profile))