Message ID | 1255034711-11623-3-git-send-email-john.johansen@canonical.com |
---|---|
State | Accepted |
Headers | show |
diff --git a/ubuntu/apparmor/procattr.c b/ubuntu/apparmor/procattr.c index 834cfab..e83f04f 100644 --- a/ubuntu/apparmor/procattr.c +++ b/ubuntu/apparmor/procattr.c @@ -49,7 +49,7 @@ int aa_getprocattr(struct aa_namespace *ns, struct aa_profile *profile, len = strlen(unconfined_str); if (ns != default_namespace) - len += strlen(ns->base.name) + 1; + len += strlen(ns->base.name) + 3; /* :// */ str = kmalloc(len + 1, GFP_ATOMIC); if (!str)
BugLink: http://bugs.launchpad.net/bugs/446595 In AppArmor's get procattr interface when a namespace is defined the allocation is not large enough for <ns_name> + "://" + <profile_name>, so AppArmor overwrites 2 bytes of memory it has not allocated. Signed-off-by: John Johansen <john.johansen@canonical.com> --- ubuntu/apparmor/procattr.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)