aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2012-02-16 10:06:41 -0500
committerJohn Johansen <john.johansen@canonical.com>2012-02-27 14:38:20 -0500
commitcdbd2884df8ad026143bb482a96d38e616947b17 (patch)
tree5a6490419450ee4fe7ae08c1fb57526f8e7c3cc3
parentd384b0a1a35f87f0ad70c29518f98f922b1c15cb (diff)
AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
-rw-r--r--security/apparmor/policy_unpack.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 741dd13e089b..5c46acf5aa65 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
554 goto fail; 554 goto fail;
555 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) 555 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
556 goto fail; 556 goto fail;
557 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
558 goto fail;
557 } 559 }
558 560
559 if (!unpack_rlimits(e, profile)) 561 if (!unpack_rlimits(e, profile))