packages: kernel/kernel-small_fixes.patch - apparmor oops fix

Wed, 01 Jun 2011 14:41:23 -0700 

Author: arekm                        Date: Wed Jun  1 21:41:06 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- apparmor oops fix

---- Files affected:
packages/kernel:
   kernel-small_fixes.patch (1.25 -> 1.26) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.25 
packages/kernel/kernel-small_fixes.patch:1.26
--- packages/kernel/kernel-small_fixes.patch:1.25       Thu May 19 10:24:00 2011
+++ packages/kernel/kernel-small_fixes.patch    Wed Jun  1 23:41:01 2011
@@ -153,4 +153,36 @@
 --
 To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
 the body of a message to [email protected]
-More majordomo info at  http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
+More majordomo info at  http://vger.kernel.org/majordomo-info.htmlcommit 
a5b2c5b2ad5853591a6cac6134cd0f599a720865
+Author: Kees Cook <[email protected]>
+Date:   Tue May 31 11:31:41 2011 -0700
+
+    AppArmor: fix oops in apparmor_setprocattr
+    
+    When invalid parameters are passed to apparmor_setprocattr a NULL deref
+    oops occurs when it tries to record an audit message. This is because
+    it is passing NULL for the profile parameter for aa_audit. But aa_audit
+    now requires that the profile passed is not NULL.
+    
+    Fix this by passing the current profile on the task that is trying to
+    setprocattr.
+    
+    Signed-off-by: Kees Cook <[email protected]>
+    Signed-off-by: John Johansen <[email protected]>
+    Cc: [email protected]
+    Signed-off-by: James Morris <[email protected]>
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ae3a698..ec1bcec 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct task_struct *task, 
char *name,
+                       sa.aad.op = OP_SETPROCATTR;
+                       sa.aad.info = name;
+                       sa.aad.error = -EINVAL;
+-                      return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++                      return aa_audit(AUDIT_APPARMOR_DENIED,
++                                      __aa_current_profile(), GFP_KERNEL,
+                                       &sa, NULL);
+               }
+       } else if (strcmp(name, "exec") == 0) {
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.25&r2=1.26&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to