On Sun, Jun 23, 2013 at 04:23:13PM -0700, Tyler Hicks wrote: > From: John Johansen <[email protected]> > > Protect against bugs in AppArmor's getsockopt() LSM hook from sending > aa_getpeercon() into an infinite loop. > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]> > --- > libraries/libapparmor/src/kernel_interface.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/libraries/libapparmor/src/kernel_interface.c > b/libraries/libapparmor/src/kernel_interface.c > index 8252b88..1c3b4df 100644 > --- a/libraries/libapparmor/src/kernel_interface.c > +++ b/libraries/libapparmor/src/kernel_interface.c > @@ -599,7 +599,7 @@ out: > */ > int aa_getpeercon(int fd, char **con) > { > - int rc, size = INITIAL_GUESS_SIZE; > + int rc, last_size, size = INITIAL_GUESS_SIZE; > char *buffer = NULL; > > if (!con) { > @@ -608,13 +608,15 @@ int aa_getpeercon(int fd, char **con) > } > > do { > + last_size = size; > buffer = realloc(buffer, size); > if (!buffer) > return -1; > memset(buffer, 0, size); > > rc = aa_getpeercon_raw(fd, buffer, &size); > - } while (rc == -1 && errno == ERANGE); > + /* size should contain actual size needed if errno == ERANGE */ > + } while (rc == -1 && errno == ERANGE && size > last_size); > > if (rc == -1) { > free(buffer); > -- > 1.8.1.2 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
