Patchwork [3/3] UBUNTU: SAUCE: AppArmor: Fix oops in profile verification if profile unpack fails.

login
register
mail settings
Submitter John Johansen
Date March 30, 2010, 5:33 p.m.
Message ID <1269970421-24271-3-git-send-email-john.johansen@canonical.com>
Download mbox | patch
Permalink /patch/48996/
State Superseded
Delegated to: Andy Whitcroft
Headers show

Comments

John Johansen - March 30, 2010, 5:33 p.m.
From: John Johansen <john.johansen@canonical.com>

Profile verification should not be run if profile unpack fails, as this
will cause an oops trying to dereference invalid data.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy_unpack.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

Patch

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 20bdf9c..a475d7c 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -707,9 +707,10 @@  struct aa_profile *aa_unpack(void *udata, size_t size,
 		return ERR_PTR(error);
 
 	profile = unpack_profile(&e, sa);
-	if (IS_ERR(profile))
+	if (IS_ERR(profile)) {
 		sa->pos = e.pos - e.start;
-
+		return profile;
+	}
 	error = verify_profile(profile, sa);
 	if (error) {
 		aa_put_profile(profile);