[apparmor] [PATCH] apparmor: fix null pointer deref in find_attach when xmatch is null
Ryan Lee
ryan.lee at canonical.com
Mon Aug 19 20:05:21 UTC 2024
find_attach loops over profile entries and first checks for a DFA, falling
back onto a strcmp otherwise. However, the check if (attach->xmatch->dfa)
did not account for the possibility that (attach->xmatch) could be null.
This occured with a sequence of profile replacements that resulted in a
kernel BUG print due to the null pointer dereference.
To avoid this issue, first check that (attach->xmatch) is not null.
The one-line patch is attached to the email.
Ryan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-apparmor-fix-null-pointer-deref-in-find_attach.patch
Type: text/x-patch
Size: 1296 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20240819/6df0ebd8/attachment.bin>
More information about the AppArmor
mailing list