mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 05:44:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/security
History
Jann Horn 4a60589dc0 apparmor: enforce nullbyte at end of tag string 
commit 8404d7a674 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-10 09:55:29 +02:00
..
apparmor apparmor: enforce nullbyte at end of tag string 2019-07-10 09:55:29 +02:00
integrity ima: re-initialize iint->atomic_flags 2018-12-01 09:44:26 +01:00
keys KEYS: restrict /proc/keys by credentials at open time 2019-03-19 13:14:08 +01:00
loadpin LSM: LoadPin: provide enablement CONFIG 2016-05-17 20:10:30 +10:00
selinux selinux: never allow relabeling on context mounts 2019-05-08 07:19:12 +02:00
smack smack: fix access permissions for keyring 2019-02-12 19:44:54 +01:00
tomoyo mm: replace get_user_pages_remote() write/force parameters with gup_flags 2016-10-19 08:12:02 -07:00
yama Yama: Check for pid death before checking ancestry 2019-01-23 08:10:54 +01:00
commoncap.c xattr: Add __vfs_{get,set,remove}xattr helpers 2016-10-07 20:10:44 -04:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:34:46 +02:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 20:16:43 -07:00
Kconfig KPTI: Rename to PAGE_TABLE_ISOLATION 2018-01-05 15:46:35 +01:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:14:10 +01:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
min_addr.c
security.c LSM: Check for NULL cred-security on free 2019-01-23 08:10:55 +01:00