AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
This commit is contained in:
John Johansen
Родитель
d384b0a1a3
Коммит
cdbd2884df
|
|
@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
|
||||||
goto fail;
|
goto fail;
|
||||||
if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
|
if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
if (!unpack_nameX(e, AA_STRUCTEND, NULL))
|
||||||
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!unpack_rlimits(e, profile))
|
if (!unpack_rlimits(e, profile))
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче