From 8b964eae204d791421677ec56b94a7b18cf8740d Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 22 Feb 2012 00:32:30 -0800 Subject: AppArmor: Fix underflow in xindex calculation If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen Acked-by: Kees Cook --- security/apparmor/include/file.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/apparmor/include') diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index ab8c6d87f758..f98fd4701d80 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -117,7 +117,7 @@ static inline u16 dfa_map_xindex(u16 mask) index |= AA_X_NAME; } else if (old_index == 3) { index |= AA_X_NAME | AA_X_CHILD; - } else { + } else if (old_index) { index |= AA_X_TABLE; index |= old_index - 4; } -- cgit v1.2.3