Re: [PATCH] apparmor: Fix use-after-free in aa_audit_rule_init

2019-10-21 Thread Navid Emamdoost
On Sun, Oct 20, 2019 at 1:51 PM John Johansen wrote:
>
> On 10/20/19 7:16 AM, Markus Elfring wrote:
> >> … But after this release the the return statement
> >> tries to access the label field of the rule which results in
> >> use-after-free. Before releaseing the rule, copy errNo and return it
>

Re: [PATCH] apparmor: Fix use-after-free in aa_audit_rule_init

2019-10-20 Thread John Johansen
On 10/20/19 7:16 AM, Markus Elfring wrote:
>> … But after this release the the return statement
>> tries to access the label field of the rule which results in
>> use-after-free. Before releaseing the rule, copy errNo and return it
>> after releasing rule.
>
Navid thanks for finding this, and

Re: [PATCH] apparmor: Fix use-after-free in aa_audit_rule_init

2019-10-20 Thread Markus Elfring
> … But after this release the the return statement
> tries to access the label field of the rule which results in
> use-after-free. Before releaseing the rule, copy errNo and return it
> after releasing rule.
Please avoid a duplicate word and a typo in this change description.
…
> +++

[PATCH] apparmor: Fix use-after-free in aa_audit_rule_init

2019-10-16 Thread Navid Emamdoost
In the implementation of aa_audit_rule_init(), when aa_label_parse() fails the allocated memory for rule is released using aa_audit_rule_free(). But after this release the the return statement tries to access the label field of the rule which results in use-after-free. Before releaseing the rule,