[PATCH] apparmor: Fix null pointer deref when receiving skb during sock creation
John Johansen
john.johansen at canonical.com
Sat Jan 27 08:20:04 UTC 2024
On 1/22/24 22:16, Xiao Liang wrote:
> On Mon, Oct 16, 2023 at 11:36 AM John Johansen
> <john.johansen at canonical.com> wrote:
>>
>> On 9/1/23 17:48, Xiao Liang wrote:
>>> The panic below is observed when receiving ICMP packets with secmark set
>>> while an ICMP raw socket is being created. SK_CTX(sk)->label is updated
>>> in apparmor_socket_post_create(), but the packet is delivered to the
>>> socket before that, causing the null pointer dereference.
>>> Drop the packet if label context is not set.
>>
>> not sure how I dropped this one, thanks for the patch. I have pulled it into the apparmor tree
>>
>
> I haven't seen this patch in the tree yet. May I know the status?
sorry, this did get pulled in, but for some reason, didn't get promoted into apparmor-next
I will try to send it up for -rc3
More information about the Linux-security-module-archive
mailing list