diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-22 03:32:30 -0500 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-02-27 14:38:21 -0500 |
commit | 8b964eae204d791421677ec56b94a7b18cf8740d (patch) | |
tree | 7c1a7b5b6be9f2d9b60d8cba1094635d3f74466c /security/apparmor | |
parent | ade3ddc01e2e426cc24c744be85dcaad4e8f8aba (diff) |
AppArmor: Fix underflow in xindex calculation
If the xindex value stored in the accept tables is 0, the extraction of
that value will result in an underflow (0 - 4).
In properly compiled policy this should not happen for file rules but
it may be possible for other rule types in the future.
To exploit this underflow a user would have to be able to load a corrupt
policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel
memory or know of a compiler error resulting in the flaw being present
for loaded policy (no such flaw is known at this time).
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/include/file.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index ab8c6d87f758..f98fd4701d80 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h | |||
@@ -117,7 +117,7 @@ static inline u16 dfa_map_xindex(u16 mask) | |||
117 | index |= AA_X_NAME; | 117 | index |= AA_X_NAME; |
118 | } else if (old_index == 3) { | 118 | } else if (old_index == 3) { |
119 | index |= AA_X_NAME | AA_X_CHILD; | 119 | index |= AA_X_NAME | AA_X_CHILD; |
120 | } else { | 120 | } else if (old_index) { |
121 | index |= AA_X_TABLE; | 121 | index |= AA_X_TABLE; |
122 | index |= old_index - 4; | 122 | index |= old_index - 4; |
123 | } | 123 | } |