Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'apparmor-pr-2020-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor bug fixes from John Johansen:

- Fix use-after-free in aa_audit_rule_init

- Fix refcnt leak in policy_update

- Fix potential label refcnt leak in aa_change_profile

* tag 'apparmor-pr-2020-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: Fix use-after-free in aa_audit_rule_init
apparmor: Fix aa_label refcnt leak in policy_update
apparmor: fix potential label refcnt leak in aa_change_profile

+5 -4
+2 -1
security/apparmor/apparmorfs.c
··· 454 454 */ 455 455 error = aa_may_manage_policy(label, ns, mask); 456 456 if (error) 457 - return error; 457 + goto end_section; 458 458 459 459 data = aa_simple_write_to_buffer(buf, size, size, pos); 460 460 error = PTR_ERR(data); ··· 462 462 error = aa_replace_profiles(ns, label, mask, data); 463 463 aa_put_loaddata(data); 464 464 } 465 + end_section: 465 466 end_current_label_crit_section(label); 466 467 467 468 return error;
+2 -1
security/apparmor/audit.c
··· 197 197 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, 198 198 GFP_KERNEL, true, false); 199 199 if (IS_ERR(rule->label)) { 200 + int err = PTR_ERR(rule->label); 200 201 aa_audit_rule_free(rule); 201 - return PTR_ERR(rule->label); 202 + return err; 202 203 } 203 204 204 205 *vrule = rule;
+1 -2
security/apparmor/domain.c
··· 1328 1328 ctx->nnp = aa_get_label(label); 1329 1329 1330 1330 if (!fqname || !*fqname) { 1331 + aa_put_label(label); 1331 1332 AA_DEBUG("no profile name"); 1332 1333 return -EINVAL; 1333 1334 } ··· 1346 1345 else 1347 1346 op = OP_CHANGE_PROFILE; 1348 1347 } 1349 - 1350 - label = aa_get_current_label(); 1351 1348 1352 1349 if (*fqname == '&') { 1353 1350 stack = true;