[3/3] UBUNTU: SAUCE: AppArmor: Fix oops in profile verification if profile unpack fails.

Submitted by John Johansen on March 30, 2010, 5:33 p.m.

Details

Message ID 1269970421-24271-3-git-send-email-john.johansen@canonical.com
State Superseded
Delegated to: Andy Whitcroft
Headers show

Commit Message

John Johansen March 30, 2010, 5:33 p.m.
From: John Johansen <john.johansen@canonical.com>

Profile verification should not be run if profile unpack fails, as this
will cause an oops trying to dereference invalid data.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy_unpack.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 20bdf9c..a475d7c 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -707,9 +707,10 @@  struct aa_profile *aa_unpack(void *udata, size_t size,
 		return ERR_PTR(error);
 
 	profile = unpack_profile(&e, sa);
-	if (IS_ERR(profile))
+	if (IS_ERR(profile)) {
 		sa->pos = e.pos - e.start;
-
+		return profile;
+	}
 	error = verify_profile(profile, sa);
 	if (error) {
 		aa_put_profile(profile);