Message ID | 1284739355-17542-2-git-send-email-john.johansen@canonical.com |
---|---|
State | Accepted |
Delegated to: | Leann Ogasawara |
Headers | show |
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index ef11ba9..6b0637b 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -575,6 +575,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) size = unpack_array(e, "net_allowed_af"); if (size) { + if (size > AF_MAX) + goto fail; + for (i = 0; i < size; i++) { if (!unpack_u16(e, &profile->net.allow[i], NULL)) goto fail;
This reverts commit 1cfe0dc4352e879fef46f597560b851cd4260beb. Revert because the patch was missing uncommitted changes, so in its commited form it allows for kernel buffer overflows. Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/policy_unpack.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)