Patchwork UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.

Submitter John Johansen
Date Nov. 1, 2010, 10:24 p.m.
Message ID <1288650257-4289-2-git-send-email-john.johansen@canonical.com>
Permalink /patch/69851/
State Accepted
Delegated to: Andy Whitcroft

Comments

John Johansen - Nov. 1, 2010, 10:24 p.m.
The unpacking of network rules unpacks 1 more rule than it should.  It
should drop all rules with network types AF_MAX or greater.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy_unpack.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Patch

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index c2b6225..d8ab6d3 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -580,7 +580,7 @@  static struct aa_profile *unpack_profile(struct aa_ext *e)
 			/* discard extraneous rules that this kernel will
 			 * never request
 			 */
-			if (i > AF_MAX) {
+			if (i >= AF_MAX) {
 				u16 tmp;
 				if (!unpack_u16(e, &tmp, NULL) ||
 				    !unpack_u16(e, &tmp, NULL) ||
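
Review bot: The commit message should state what the off-by-one at `if (i >= AF_MAX)` actually caused, since "unpacks 1 more rule than it should" does not say where the entry for i == AF_MAX ended up. If the per-family tables this loop fills are sized AF_MAX (their declaration is not visible in this hunk), the old `i > AF_MAX` test let the i == AF_MAX entry through to the store path, one slot past the end, and that is worth saying explicitly so the fix can be judged for stable backport. The in-code comment above the test could also name the bound, for example "discard rules for families >= AF_MAX", so the comment and the comparison stay in step.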