Patchwork [maverick,maverick/ti-omap4,natty/ti-omap4,CVE,1/1] AppArmor: fix oops in apparmor_setprocattr

login
register
mail settings
Submitter Andy Whitcroft
Date Feb. 7, 2012, 10:43 a.m.
Message ID <1328611387-17988-2-git-send-email-apw@canonical.com>
Download mbox | patch
Permalink /patch/139897/
State New
Headers show

Comments

Andy Whitcroft - Feb. 7, 2012, 10:43 a.m.
From: Kees Cook <kees.cook@canonical.com>

When invalid parameters are passed to apparmor_setprocattr a NULL deref
oops occurs when it tries to record an audit message. This is because
it is passing NULL for the profile parameter for aa_audit. But aa_audit
now requires that the profile passed is not NULL.

Fix this by passing the current profile on the task that is trying to
setprocattr.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Cc: stable@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>

(cherry picked from commit a5b2c5b2ad5853591a6cac6134cd0f599a720865)
CVE-2011-3619
BugLink: http://bugs.launchpad.net/bugs/789409
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 security/apparmor/lsm.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
Herton Ronaldo Krzesinski - Feb. 7, 2012, 11:49 a.m.
On Tue, Feb 07, 2012 at 10:43:07AM +0000, Andy Whitcroft wrote:
> From: Kees Cook <kees.cook@canonical.com>
> 
> When invalid parameters are passed to apparmor_setprocattr a NULL deref
> oops occurs when it tries to record an audit message. This is because
> it is passing NULL for the profile parameter for aa_audit. But aa_audit
> now requires that the profile passed is not NULL.
> 
> Fix this by passing the current profile on the task that is trying to
> setprocattr.
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> Cc: stable@kernel.org
> Signed-off-by: James Morris <jmorris@namei.org>
> 
> (cherry picked from commit a5b2c5b2ad5853591a6cac6134cd0f599a720865)
> CVE-2011-3619
> BugLink: http://bugs.launchpad.net/bugs/789409
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  security/apparmor/lsm.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index e8d0821..04c708c 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -594,7 +594,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
>  			sa.aad.op = OP_SETPROCATTR;
>  			sa.aad.info = name;
>  			sa.aad.error = -EINVAL;
> -			return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
> +			return aa_audit(AUDIT_APPARMOR_DENIED,
> +					__aa_current_profile(), GFP_KERNEL,
>  					&sa, NULL);
>  		}
>  	} else if (strcmp(name, "exec") == 0) {
> -- 
> 1.7.8.3
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Patch

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index e8d0821..04c708c 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -594,7 +594,8 @@  static int apparmor_setprocattr(struct task_struct *task, char *name,
 			sa.aad.op = OP_SETPROCATTR;
 			sa.aad.info = name;
 			sa.aad.error = -EINVAL;
-			return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
+			return aa_audit(AUDIT_APPARMOR_DENIED,
+					__aa_current_profile(), GFP_KERNEL,
 					&sa, NULL);
 		}
 	} else if (strcmp(name, "exec") == 0) {