UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.

Submitted by John Johansen on Nov. 1, 2010, 10:24 p.m.

Details

Message ID 1288650257-4289-2-git-send-email-john.johansen@canonical.com
State Accepted
Delegated to: Andy Whitcroft

Commit Message

John Johansen Nov. 1, 2010, 10:24 p.m.
The unpacking of network rules unpacks 1 more rule than it should.  It
should drop all rules with network types AF_MAX or greater.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy_unpack.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Patch

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index c2b6225..d8ab6d3 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -580,7 +580,7 @@  static struct aa_profile *unpack_profile(struct aa_ext *e)
 			/* discard extraneous rules that this kernel will
 			 * never request
 			 */
-			if (i > AF_MAX) {
+			if (i >= AF_MAX) {
 				u16 tmp;
 				if (!unpack_u16(e, &tmp, NULL) ||
 				    !unpack_u16(e, &tmp, NULL) ||
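Review bot: The comment above `if (i >= AF_MAX)` still reads only "discard extraneous rules that this kernel will never request" and does not state the bound, so the next reader has to re-derive why `>=` is right. Suggest extending it to say that valid families are 0 to AF_MAX - 1 and that the entry at i == AF_MAX is discarded as well. The store taken on the non-discard path is outside the visible context, so it is worth confirming that the destination tables have exactly AF_MAX entries; if they do, the old `i > AF_MAX` test wrote one entry past the end, and the commit message should say so rather than only "unpacks 1 more rule than it should".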