Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b1b4bc2e authored by John Johansen's avatar John Johansen
Browse files

AppArmor: Fix oops in policy unpack auditing 



Post unpacking of policy a verification pass is made on x transition
indexes.  When this fails a call to audit_iface is made resulting in an
oops, because audit_iface is expecting a valid buffer position but
since the failure comes from post unpack verification there is none.

Make the position argument optional so that audit_iface can be called
from post unpack verification.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent ef9a7622

security/apparmor/policy_unpack.c

+3 −2
Original line number Diff line number Diff line
@@ -84,7 +84,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) 
 * @new: profile if it has been allocated (MAYBE NULL)

 * @name: name of the profile being manipulated (MAYBE NULL)

 * @info: any extra info about the failure (MAYBE NULL)

 * @e: buffer position info (NOT NULL)

 * @e: buffer position info

 * @error: error code

 *

 * Returns: %0 or error
@@ -95,6 +95,7 @@ static int audit_iface(struct aa_profile *new, const char *name, 
	struct aa_profile *profile = __aa_current_profile();

	struct common_audit_data sa;

	COMMON_AUDIT_DATA_INIT(&sa, NONE);

	if (e)

		sa.aad.iface.pos = e->pos - e->start;

	sa.aad.iface.target = new;

	sa.aad.name = name;