linux/security/apparmor at 3ca013cd63be479be95ea953d08295f05f550c19 - linux - sys114

shinys000114/linux

mirror of https://github.com/hardkernel/linux.git synced 2026-03-28 21:40:27 +09:00

Files

History

Jann Horn 31c9958068 apparmor: enforce nullbyte at end of tag string

commit 8404d7a674 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2019-06-25 11:35:54 +08:00

..

apparmor: fix PROFILE_MEDIATES for untrusted input

2019-06-25 11:35:54 +08:00

.gitignore

apparmor: add base infastructure for socket mediation

2018-03-13 17:25:48 -07:00

apparmorfs.c

apparmorfs: fix use-after-free on symlink traversal

2019-05-25 18:23:42 +02:00

audit.c

apparmor: Fix memory leak of rule on error exit path

2018-06-07 01:50:48 -07:00

capability.c

apparmor: move context.h to cred.h

2018-02-09 11:30:01 -08:00

crypto.c

apparmor: use SHASH_DESC_ON_STACK

2017-04-07 08:58:35 +10:00

domain.c

apparmor: Fix aa_label_build() error handling for failed merges

2019-03-13 14:02:32 -07:00

file.c

apparmor: Check buffer bounds when mapping permissions mask

2018-07-19 16:24:43 -07:00

ipc.c

apparmor: move context.h to cred.h

2018-02-09 11:30:01 -08:00

Kconfig

apparmor: add debug assert AA_BUG and Kconfig to control debug info

2017-01-16 01:18:24 -08:00

label.c

apparmor: fixup secid map conversion to using IDR

2018-06-07 01:50:49 -07:00

lib.c

apparmor: Fix uninitialized value in aa_split_fqname

2018-11-27 16:13:00 +01:00

lsm.c

->file_open(): lose cred argument

2018-07-12 10:04:15 -04:00

Makefile

apparmor: add base infastructure for socket mediation

2018-03-13 17:25:48 -07:00

match.c

apparmor: fix typo "traverse"

2018-05-03 00:50:12 -07:00

mount.c

apparmor: fix typo "independent"

2018-05-03 00:50:30 -07:00

net.c

apparmor: add base infastructure for socket mediation

2018-03-13 17:25:48 -07:00

nulldfa.in

apparmor: cleanup add proper line wrapping to nulldfa.in

2018-02-09 11:30:01 -08:00

path.c

apparmor: Move path lookup to using preallocated buffers

2017-06-08 11:29:34 -07:00

policy_ns.c

apparmor: fix an error code in __aa_create_ns()

2018-08-21 16:24:56 -07:00

policy_unpack.c

apparmor: enforce nullbyte at end of tag string

2019-06-25 11:35:54 +08:00

policy.c

apparmor: fix memory leak when deduping profile load

2018-06-07 01:51:01 -07:00

procattr.c

apparmor: move context.h to cred.h

2018-02-09 11:30:01 -08:00

resource.c

apparmor: fix mediation of prlimit

2018-06-07 01:51:01 -07:00

secid.c

apparmor: fix bad debug check in apparmor_secid_to_secctx()

2018-09-03 11:15:29 -07:00

stacksplitdfa.in

apparmor: use the dfa to do label parse string splitting

2018-02-09 11:30:01 -08:00

task.c

apparmor: update domain transitions that are subsets of confinement at nnp

2018-02-09 11:30:01 -08:00