[PATCH 4/6] apparmor: fix invalid reference to index variable of iterator line 836
John Johansen
john.johansen at canonical.com
Thu Apr 6 13:55:22 UTC 2017
Once the loop on lines 836-853 is complete and exits normally, ent is a
pointer to the dummy list head value. The derefernces accessible from eg
the goto fail on line 860 or the various goto fail_lock's afterwards thus
seem incorrect.
Reported-by: Julia Lawall <julia.lawall at lip6.fr>
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index f44312a..c0a4066 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -874,9 +874,11 @@ ssize_t aa_replace_profiles(struct aa_ns *view, struct aa_profile *profile,
if (ns_name) {
ns = aa_prepare_ns(view, ns_name);
if (IS_ERR(ns)) {
+ op = OP_PROF_LOAD;
info = "failed to prepare namespace";
error = PTR_ERR(ns);
ns = NULL;
+ ent = NULL;
goto fail;
}
} else
@@ -1011,7 +1013,7 @@ ssize_t aa_replace_profiles(struct aa_ns *view, struct aa_profile *profile,
/* audit cause of failure */
op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
fail:
- audit_policy(profile, op, ns_name, ent->new->base.hname,
+ audit_policy(profile, op, ns_name, ent ? ent->new->base.hname : NULL,
info, error);
/* audit status that rest of profiles in the atomic set failed too */
info = "valid profile in failed atomic policy load";
@@ -1021,7 +1023,7 @@ ssize_t aa_replace_profiles(struct aa_ns *view, struct aa_profile *profile,
/* skip entry that caused failure */
continue;
}
- op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
+ op = (!tmp->old) ? OP_PROF_LOAD : OP_PROF_REPL;
audit_policy(profile, op, ns_name,
tmp->new->base.hname, info, error);
}
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list