linux/security/apparmor at ea6eb20cfeb4d94dea14c740812cca64bc0b89d4 - linux - sys114

shinys000114/linux

mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 20:10:23 +09:00

Files

History

Jann Horn 4a60589dc0 apparmor: enforce nullbyte at end of tag string

commit 8404d7a674 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2019-07-10 09:55:29 +02:00

..

apparmor: fix module parameters can be changed after policy is locked

2016-07-12 08:43:10 -07:00

.gitignore

AppArmor: remove af_names.h from .gitignore

2012-09-01 08:35:34 -07:00

apparmorfs.c

fs: Replace CURRENT_TIME with current_time() for inode timestamps

2016-09-27 21:06:21 -04:00

audit.c

apparmor: fix uninitialized lsm_audit member

2016-07-12 08:43:10 -07:00

capability.c

apparmor: fix capability to not use the current task, during reporting

2013-10-29 21:33:37 -07:00

context.c

apparmor: change how profile replacement update is done

2013-08-14 11:42:06 -07:00

crypto.c

apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling

2016-07-27 17:39:26 +10:00

domain.c

apparmor: fix change_hat not finding hat after policy replacement

2016-11-21 18:01:28 +11:00

file.c

apparmor: fix uninitialized lsm_audit member

2016-07-12 08:43:10 -07:00

ipc.c

apparmor: fix capability to not use the current task, during reporting

2013-10-29 21:33:37 -07:00

Kconfig

apparmor: add parameter to control whether policy hashing is used

2016-07-12 08:43:10 -07:00

lib.c

nick kvfree() from apparmor

2014-05-06 14:02:53 -04:00

lsm.c

apparmor: Make path_max parameter readonly

2018-03-22 09:17:48 +01:00

Makefile

apparmor: add the ability to report a sha1 hash of loaded policy

2013-08-14 11:42:08 -07:00

match.c

apparmor: do not expose kernel stack

2016-07-12 08:43:10 -07:00

path.c

apparmor: internal paths should be treated as disconnected

2016-07-12 08:43:10 -07:00

policy_unpack.c

apparmor: enforce nullbyte at end of tag string

2019-07-10 09:55:29 +02:00

policy.c

apparmor: fix module parameters can be changed after policy is locked

2016-07-12 08:43:10 -07:00

procattr.c

apparmor: add interface files for profiles and namespaces

2013-08-14 11:42:07 -07:00

resource.c

apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task

2016-07-12 08:43:10 -07:00

sid.c

AppArmor: core policy routines

2010-08-02 15:38:37 +10:00