[2/4] UBUNTU: SAUCE: apparmor: fix notification header size

Message ID 20231025123130.2751944-3-john.johansen@canonical.com
State New
Series [1/4] UBUNTU: SAUCE: apparmor: fix oops when racing to retrieve notification

Commit Message

John Johansen Oct. 25, 2023, 12:31 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/2040250

When strings are appended to the notification the header size should
be updated to reflect the correct size. While the size is also
directly returned as part of delivering the notification, the header
should also be updated to conform to specification and allow for
verification.

If verification is enabled and the notification contains appended
strings then notifications fail verification and won't be delivered.

Fixes: 9a3b87d8b9a0 ("UBUNTU: SAUCE: apparmor4.0.0 [64/76]: prompt - rework build to use append fn, to simplify adding strings")
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/notify.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/security/apparmor/notify.c b/security/apparmor/notify.c
index 63d0e03b429a..e1c5697f79c7 100644
--- a/security/apparmor/notify.c
+++ b/security/apparmor/notify.c
@@ -975,6 +975,9 @@  static long build_v3_unotif(struct aa_knotif *knotif, void __user *buf,
 	if (!build_append_str(buf, pos, max_size, knotif->ad->name,
 			      unotif.file.name, size))
 		return size;
+
+	/* set size after appending strings */
+	unotif.common.len = size;
 	/* now the struct, at the start of user mem */
 	if (copy_to_user(buf, &unotif, sizeof(unotif)))
 		return -EFAULT;
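
Review bot: at the new `unotif.common.len = size;` assignment, nothing in the hunk bounds `size` to what the header field can hold, and the same `size` is what this `long`-returning function hands back on the failed-append path just above. If `common.len` is narrower than `size`, the header would carry a truncated length and verification would fail for notifications with long appended strings, which is the symptom this patch sets out to fix. Consider a range check before the assignment, or a comment naming the bound that already guarantees the fit (for example `max_size`). Style nit: add a blank line after the assignment so it is set apart from the `/* now the struct, at the start of user mem */` comment, which belongs to the `copy_to_user()` call.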