[PATCH 2/2] UBUNTU: SAUCE: AppArmor: Fix off by 2 error in getprocattr mem allocation
John Johansen
john.johansen at canonical.com
Thu Oct 8 20:45:11 UTC 2009
BugLink: http://bugs.launchpad.net/bugs/446595
In AppArmor's get procattr interface when a namespace is defined the
allocation is not large enough for <ns_name> + "://" + <profile_name>, so
AppArmor overwrites 2 bytes of memory it has not allocated.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
ubuntu/apparmor/procattr.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ubuntu/apparmor/procattr.c b/ubuntu/apparmor/procattr.c
index 834cfab..e83f04f 100644
--- a/ubuntu/apparmor/procattr.c
+++ b/ubuntu/apparmor/procattr.c
@@ -49,7 +49,7 @@ int aa_getprocattr(struct aa_namespace *ns, struct aa_profile *profile,
len = strlen(unconfined_str);
if (ns != default_namespace)
- len += strlen(ns->base.name) + 1;
+ len += strlen(ns->base.name) + 3; /* :// */
str = kmalloc(len + 1, GFP_ATOMIC);
if (!str)
--
1.6.3.3
More information about the kernel-team
mailing list