[apparmor] [PATCH 26/32] apparmor: fix fully qualified name parsing
Seth Arnold
seth.arnold at canonical.com
Fri Feb 1 01:11:54 UTC 2013
On Wed, Jan 16, 2013 at 01:28:55PM -0800, John Johansen wrote:
> currently apparmor name parsing is only correctly handling
> :<NS>:<profile>
>
> but
> :<NS>://<profile>
>
> is also a valid form and what is exported to userspace.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> security/apparmor/lib.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Hrm, I think the current code and this change aren't very resilient to
an illegal input; what happens if the input is:
:<ns>:
It feels like the : would be over-written with \0, but name would be set
to the next byte -- not in the input string.
I looked at the callers only briefly, but it didn't look like anything
would shield this code from bad inputs.
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index d6e1f21..d40bc59 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
> *ns_name = skip_spaces(&name[1]);
> if (split) {
> /* overwrite ':' with \0 */
> - *split = 0;
> - name = skip_spaces(split + 1);
> + *split++ = 0;
> + if (strncmp(split, "//", 2) == 0)
> + split += 2;
> + name = skip_spaces(split);
> } else
> /* a ns name without a following profile is allowed */
> name = NULL;
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130131/0c883fce/attachment.pgp>
More information about the AppArmor
mailing list