AppArmor: Add mising end of structure test to caps unpacking

The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: N John Johansen <john.johansen@canonical.com> Acked-by: N Kees Cook <kees@ubuntu.com>

AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: N John Johansen <john.johansen@canonical.com> Acked-by: N Kees Cook <kees@ubuntu.com>
cdbd2884 · John Johansen · d384b0a1 · cdbd2884
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

security/apparmor/policy_unpack.c security/apparmor/policy_unpack.c +2 -0

未找到文件。
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -554,6 +554,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
 			goto fail;
 		if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
 			goto fail;
+		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
+			goto fail;
 	}

 	if (!unpack_rlimits(e, profile))