tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull apparmor fix from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
apparmor: fix oops, validate buffer size in apparmor_setprocattr()

Linus Torvalds cc23c619 7ed18e2d

+19 -17
+19 -17
security/apparmor/lsm.c
··· 500 500 { 501 501 struct common_audit_data sa; 502 502 struct apparmor_audit_data aad = {0,}; 503 - char *command, *args = value; 503 + char *command, *largs = NULL, *args = value; 504 504 size_t arg_size; 505 505 int error; 506 506 507 507 if (size == 0) 508 508 return -EINVAL; 509 - /* args points to a PAGE_SIZE buffer, AppArmor requires that 510 - * the buffer must be null terminated or have size <= PAGE_SIZE -1 511 - * so that AppArmor can null terminate them 512 - */ 513 - if (args[size - 1] != '\0') { 514 - if (size == PAGE_SIZE) 515 - return -EINVAL; 516 - args[size] = '\0'; 517 - } 518 - 519 509 /* task can only write its own attributes */ 520 510 if (current != task) 521 511 return -EACCES; 522 512 523 - args = value; 513 + /* AppArmor requires that the buffer must be null terminated atm */ 514 + if (args[size - 1] != '\0') { 515 + /* null terminate */ 516 + largs = args = kmalloc(size + 1, GFP_KERNEL); 517 + if (!args) 518 + return -ENOMEM; 519 + memcpy(args, value, size); 520 + args[size] = '\0'; 521 + } 522 + 523 + error = -EINVAL; 524 524 args = strim(args); 525 525 command = strsep(&args, " "); 526 526 if (!args) 527 - return -EINVAL; 527 + goto out; 528 528 args = skip_spaces(args); 529 529 if (!*args) 530 - return -EINVAL; 530 + goto out; 531 531 532 532 arg_size = size - (args - (char *) value); 533 533 if (strcmp(name, "current") == 0) { ··· 553 553 goto fail; 554 554 } else 555 555 /* only support the "current" and "exec" process attributes */ 556 - return -EINVAL; 556 + goto fail; 557 557 558 558 if (!error) 559 559 error = size; 560 + out: 561 + kfree(largs); 560 562 return error; 561 563 562 564 fail: ··· 567 565 aad.profile = aa_current_profile(); 568 566 aad.op = OP_SETPROCATTR; 569 567 aad.info = name; 570 - aad.error = -EINVAL; 568 + aad.error = error = -EINVAL; 571 569 aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); 572 - return -EINVAL; 570 + goto out; 573 571 } 574 572 575 573 static int apparmor_task_setrlimit(struct task_struct *task,