From: John Johansen <[email protected]> Protect against bugs in AppArmor's getsockopt() LSM hook from sending aa_getpeercon() into an infinite loop.
Signed-off-by: John Johansen <[email protected]> --- libraries/libapparmor/src/kernel_interface.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c index 8252b88..1c3b4df 100644 --- a/libraries/libapparmor/src/kernel_interface.c +++ b/libraries/libapparmor/src/kernel_interface.c @@ -599,7 +599,7 @@ out: */ int aa_getpeercon(int fd, char **con) { - int rc, size = INITIAL_GUESS_SIZE; + int rc, last_size, size = INITIAL_GUESS_SIZE; char *buffer = NULL; if (!con) { @@ -608,13 +608,15 @@ int aa_getpeercon(int fd, char **con) } do { + last_size = size; buffer = realloc(buffer, size); if (!buffer) return -1; memset(buffer, 0, size); rc = aa_getpeercon_raw(fd, buffer, &size); - } while (rc == -1 && errno == ERANGE); + /* size should contain actual size needed if errno == ERANGE */ + } while (rc == -1 && errno == ERANGE && size > last_size); if (rc == -1) { free(buffer); -- 1.8.1.2 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
