WARNING in apparmor_cred_free

John Johansen john.johansen at canonical.com
Thu Jan 17 00:19:29 UTC 2019


On 1/11/19 5:48 PM, Casey Schaufler wrote:
> From 1a2a99f3cfd069baf9aa0ef91529558bcbe64c14 Mon Sep 17 00:00:00 2001
> From: Casey Schaufler <casey at schaufler-ca.com>
> Date: Fri, 11 Jan 2019 17:37:56 -0800
> Subject: [PATCH 2/2] AppArmor: Fix credential blob assertions
> 
> The assertions for NULL credential blobs don't take blob
> offsetting into account. Check the raw data, not th eoffset value.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>

in the none stacking case cred->security is the aa_label pointer so
the test should be

AA_BUG(!*blob);

and I would just drop the check from set_cred_label()

> ---
>  security/apparmor/include/cred.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h
> index b9504a05fddc..29cef1b5687c 100644
> --- a/security/apparmor/include/cred.h
> +++ b/security/apparmor/include/cred.h
> @@ -27,7 +27,7 @@ static inline struct aa_label *cred_label(const struct cred *cred)
>  {
>  	struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred;
>  
> -	AA_BUG(!blob);
> +	AA_BUG(!cred->security);
>  	return *blob;
>  }
>  
> @@ -36,7 +36,7 @@ static inline void set_cred_label(const struct cred *cred,
>  {
>  	struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred;
>  
> -	AA_BUG(!blob);
> +	AA_BUG(!cred->security);
>  	*blob = label;
>  }
>  
> 



More information about the Linux-security-module-archive mailing list