path: root/security/apparmor
diff options
authorJohn Johansen <john.johansen@canonical.com>2012-02-16 07:06:41 -0800
committerJohn Johansen <john.johansen@canonical.com>2012-02-27 11:38:20 -0800
commitcdbd2884df8ad026143bb482a96d38e616947b17 (patch)
tree5a6490419450ee4fe7ae08c1fb57526f8e7c3cc3 /security/apparmor
parentd384b0a1a35f87f0ad70c29518f98f922b1c15cb (diff)
AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security/apparmor')
1 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 741dd13e089..5c46acf5aa6 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
goto fail;
if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
goto fail;
+ if (!unpack_nameX(e, AA_STRUCTEND, NULL))
+ goto fail;
if (!unpack_rlimits(e, profile))