author | John Johansen <john.johansen@canonical.com> | 2010-11-01 18:16:54 -0400 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2011-09-23 08:47:10 -0600 |
commit | a1e4f62114f83480d3bb8147208eec6dd2f390cb (patch) | |
tree | c3965112cea9b5eb46deb1119760d928377f089d /security | |
parent | c53eb29b48edc7b0576ddbb2ab5bf5b4baf2fe12 (diff) |
UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.
The unpacking of network rules unpacks 1 more rule than it should. It
should drop all rules with network types AF_MAX or greater.
Fix suggested by Tetsuo Handa in
https://lists.ubuntu.com/archives/kernel-team/2010-November/013327.html
Reported-by: Tetsuo Handa <from-ubuntu@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/policy_unpack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index f78370bf801..f4874c4cd73 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) /* discard extraneous rules that this kernel will * never request */ - if (i > AF_MAX) { + if (i >= AF_MAX) { u16 tmp; if (!unpack_u16(e, &tmp, NULL) || !unpack_u16(e, &tmp, NULL) || |
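Review bot: The new test `if (i >= AF_MAX)` in unpack_profile() is only correct if the tables indexed by `i` have exactly AF_MAX entries, and neither their declaration nor the loop bound on `i` is visible in this hunk, so the boundary cannot be confirmed from the patch alone. Consider extending the existing comment ("discard extraneous rules that this kernel will never request") to say that valid indices run from 0 to AF_MAX - 1, which makes it clear why index AF_MAX itself must be read into `tmp` and dropped rather than stored. Because the input here is a policy blob being unpacked, it would also help to tie the destination size to the same constant as this check, so that a later change to one cannot silently reintroduce the off-by-one.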