| Message ID | 1288650257-4289-2-git-send-email-john.johansen@canonical.com |
|---|---|
| State | Accepted |
| Delegated to: | Andy Whitcroft |
| Headers | show |
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index c2b6225..d8ab6d3 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) /* discard extraneous rules that this kernel will * never request */ - if (i > AF_MAX) { + if (i >= AF_MAX) { u16 tmp; if (!unpack_u16(e, &tmp, NULL) || !unpack_u16(e, &tmp, NULL) ||
The unpacking of network rules, unpacks 1 more rule than it should. It should drop all rules with network types AF_MAX or greater. Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/policy_unpack.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)