path: root/security
diff options
authorJohn Johansen <john.johansen@canonical.com>2010-11-01 18:16:54 -0400
committerJohn Rigby <john.rigby@linaro.org>2011-11-16 14:23:15 -0700
commit905102577e063a7bb7a72c54518c6b8775fb1f12 (patch)
treead02e2fbda6db28403a3779ff7dd2c96b7513be7 /security
parent954f73ba42fbbd6302f29cd882ab4ac84e0d7bba (diff)
UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.
The unpacking of network rules, unpacks 1 more rule than it should. It should drop all rules with network types AF_MAX or greater. Fix suggested by Tetsuo Handa in https://lists.ubuntu.com/archives/kernel-team/2010-November/013327.html Reported-by: Tetsuo Handa <from-ubuntu@I-love.SAKURA.ne.jp> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Diffstat (limited to 'security')
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index f78370bf801..f4874c4cd73 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
/* discard extraneous rules that this kernel will
* never request
- if (i > AF_MAX) {
+ if (i >= AF_MAX) {
u16 tmp;
if (!unpack_u16(e, &tmp, NULL) ||
!unpack_u16(e, &tmp, NULL) ||