[PATCH] apparmor: Fix null pointer deref when receiving skb during sock creation

Xiao Liang shaw.leon at gmail.com
Tue Jan 23 06:16:44 UTC 2024


On Mon, Oct 16, 2023 at 11:36 AM John Johansen
<john.johansen at canonical.com> wrote:
>
> On 9/1/23 17:48, Xiao Liang wrote:
> > The panic below is observed when receiving ICMP packets with secmark set
> > while an ICMP raw socket is being created. SK_CTX(sk)->label is updated
> > in apparmor_socket_post_create(), but the packet is delivered to the
> > socket before that, causing the null pointer dereference.
> > Drop the packet if label context is not set.
>
> Not sure how I dropped this one, thanks for the patch. I have pulled it into the apparmor tree.
>

I haven't seen this patch in the tree yet. May I know the status?
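
[Added example, not part of this message or of the patch under discussion] A user-space model of the ordering problem described in the quoted commit message: a receive hook that can run before the post-create step has set the label, with the guard that drops the packet when the label is still unset. All model_* names, the -EACCES return value, the early return for packets without secmark and the constructed policy are assumptions made for illustration; this is not the AppArmor code.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only: every type and function here is hypothetical. */
struct model_label { const char *name; };
struct model_sk_ctx { struct model_label *label; };  /* stands in for SK_CTX(sk) */
struct model_sock { struct model_sk_ctx ctx; };
struct model_skb { unsigned int secmark; };

/* Constructed policy check; it dereferences the label, so NULL would crash. */
static int model_secmark_check(const struct model_label *label, unsigned int secmark)
{
    return (label->name[0] != '\0' && secmark == 1) ? 0 : -EACCES;
}

/* Receive hook with the guard: no label yet means drop (-EACCES is assumed). */
static int model_rcv_skb(const struct model_sock *sk, const struct model_skb *skb)
{
    if (!skb->secmark)
        return 0;              /* assumption: packets without secmark skip the check */
    if (!sk->ctx.label)
        return -EACCES;        /* socket creation not finished: drop the packet */
    return model_secmark_check(sk->ctx.label, skb->secmark);
}

/* Stands in for the post-create step that sets the label. */
static void model_post_create(struct model_sock *sk, struct model_label *label)
{
    sk->ctx.label = label;
}

/* Deliver one packet either before or after post-create and return the verdict. */
static int model_deliver(unsigned int secmark, int after_post_create)
{
    static struct model_label label = { "constructed_profile" };
    struct model_sock sk = { { NULL } };
    struct model_skb skb = { secmark };
    if (after_post_create)
        model_post_create(&sk, &label);
    return model_rcv_skb(&sk, &skb);
}

int main(void)
{
    printf("marked, before post-create: %d\n", model_deliver(1, 0));
    printf("marked, after post-create:  %d\n", model_deliver(1, 1));
    printf("unmarked, before:           %d\n", model_deliver(0, 0));
    return 0;
}
```

Without the `!sk->ctx.label` test, the first call would reach model_secmark_check() with a NULL label, which is the model's equivalent of the reported panic.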


