[PATCH v2] apparmor: fix potential label refcnt leak in aa_change_profile

John Johansen john.johansen at canonical.com
Wed Apr 15 18:41:27 UTC 2020


On 4/15/20 4:27 AM, Markus Elfring wrote:
>> According to the comment of aa_get_current_label(), …
> 
> I suggest to make this wording clearer.
> Would you like to refer to any software documentation here?
> 
> 
>> However, when the original object pointed by "label" becomes
>> unreachable because aa_change_profile() returns or a new object
>> is assigned to "label", reference count increased by
>> aa_get_current_label() is not decreased, causing a refcnt leak.
> 
> How do you think about to reduce abbreviations in the commit message?
> 
> Would you like to add the tag “Fixes” to the change description?
> 
Fixes tags are always nice to have filled out, but some times its
hard to determine or the patch submitter doesn't know how or ...
If the fixes tags aren't there I will add them before I push them up.
In this case its

Fixes: 9fcf78cca198 ("apparmor: update domain transitions that are subsets of confinement at nnp")

> Regards,
> Markus
> 



More information about the Linux-security-module-archive mailing list