From patchwork Thu Sep 16 12:37:31 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 64962 X-Patchwork-Delegate: leann.ogasawara@canonical.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 90058104798 for ; Thu, 16 Sep 2010 22:37:47 +1000 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.69) (envelope-from ) id 1OwDic-0006Xv-Ov; Thu, 16 Sep 2010 13:37:38 +0100 Received: from wine.ocn.ne.jp ([122.1.235.145] helo=smtp.wine.ocn.ne.jp) by chlorine.canonical.com with esmtp (Exim 4.69) (envelope-from ) id 1OwDiY-0006WP-VA for kernel-team@lists.ubuntu.com; Thu, 16 Sep 2010 13:37:35 +0100 Received: from CLAMP (p3029-ipbf4202marunouchi.tokyo.ocn.ne.jp [123.224.228.29]) by smtp.wine.ocn.ne.jp (Postfix) with ESMTP id 143CC4C7D; Thu, 16 Sep 2010 21:37:33 +0900 (JST) To: john.johansen@canonical.com Subject: Re: [PATCH 3/3] UBUNTU: SAUCE: AppArmor: allow newer tools to loadpolicyon older kernels From: Tetsuo Handa References: <1284570966-6603-1-git-send-email-john.johansen@canonical.com> <1284570966-6603-4-git-send-email-john.johansen@canonical.com> <201009160641.IJD90105.CPNVGVtUVSO@I-love.SAKURA.ne.jp> <4C92025F.7050803@canonical.com> In-Reply-To: <4C92025F.7050803@canonical.com> Message-Id: <201009162137.DCE64533.ONGCVSVtVUP@I-love.SAKURA.ne.jp> X-Mailer: Winbiff [Version 2.51 PL2] X-Accept-Language: ja,en,zh Date: Thu, 16 Sep 2010 21:37:31 +0900 Mime-Version: 1.0 Cc: kernel-team@lists.ubuntu.com X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com John Johansen wrote: > On 09/15/2010 02:41 PM, Tetsuo Handa wrote: > > John Johansen wrote: > >> security/apparmor/policy_unpack.c | 3 --- > >> 1 files changed, 0 insertions(+), 3 deletions(-) > >> > >> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c > >> index 6b0637b..ef11ba9 100644 > >> --- a/security/apparmor/policy_unpack.c > >> +++ b/security/apparmor/policy_unpack.c > >> @@ -575,9 +575,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) > >> > >> size = unpack_array(e, "net_allowed_af"); > >> if (size) { > >> - if (size > AF_MAX) > >> - goto fail; > >> - > >> for (i = 0; i < size; i++) { > >> if (!unpack_u16(e, &profile->net.allow[i], NULL)) > > > > If this patch changes to accept size > AF_MAX , this patch should change > > to allocate net.allow[size] rather than net.allow[AF_MAX] . > > > >> goto fail; > > yes it should, I did make that change but it looks like I didn't push it > to the remote repo from which I pulled :( But allocating net.allow[size] is useless because kernel would reject before calling LSM hooks if size > AF_MAX . Then, read and discard is sufficient? --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -575,7 +575,7 @@ size = unpack_array(e, "net_allowed_af"); if (size) { - for (i = 0; i < size; i++) { + for (i = 0; i < size && i < AF_MAX; i++) { if (!unpack_u16(e, &profile->net.allow[i], NULL)) goto fail; if (!unpack_u16(e, &profile->net.audit[i], NULL)) @@ -583,6 +583,20 @@ if (!unpack_u16(e, &profile->net.quiet[i], NULL)) goto fail; } + /* + * A newer version of userspace tools might support more + * address families than this kernel supports. Read and discard + * address families which are not supported by this kernel. + */ + for (; i < size; i++) { + u16 dummy; + if (!unpack_u16(e, &dummy, NULL)) + goto fail; + if (!unpack_u16(e, &dummy, NULL)) + goto fail; + if (!unpack_u16(e, &dummy, NULL)) + goto fail; + } if (!unpack_nameX(e, AA_ARRAYEND, NULL)) goto fail; /*