mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/apparmor
History
Jann Horn 4a60589dc0 apparmor: enforce nullbyte at end of tag string 
commit 8404d7a674 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-07-10 09:55:29 +02:00
..
include apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
.gitignore
Kconfig apparmor: add parameter to control whether policy hashing is used 2016-07-12 08:43:10 -07:00
Makefile
apparmorfs.c fs: Replace CURRENT_TIME with current_time() for inode timestamps 2016-09-27 21:06:21 -04:00
audit.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
capability.c
context.c
crypto.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
domain.c apparmor: fix change_hat not finding hat after policy replacement 2016-11-21 18:01:28 +11:00
file.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
ipc.c
lib.c
lsm.c apparmor: Make path_max parameter readonly 2018-03-22 09:17:48 +01:00
match.c apparmor: do not expose kernel stack 2016-07-12 08:43:10 -07:00
path.c apparmor: internal paths should be treated as disconnected 2016-07-12 08:43:10 -07:00
policy.c apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
policy_unpack.c apparmor: enforce nullbyte at end of tag string 2019-07-10 09:55:29 +02:00
procattr.c
resource.c apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task 2016-07-12 08:43:10 -07:00
sid.c