Re: [PATCH] APPARMOR: Fix NULL Pointer dereference while __add_new_profile

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: John Johansen

Subject: Re: [PATCH] APPARMOR: Fix NULL Pointer dereference while __add_new_profile

Date: Tuesday, November 30, 2010 - 3:19 am

On 11/26/2010 07:18 AM, wzt.wzt@gmail.com wrote:
quoted text> In aa_replace_profiles(), if __lookup_parent() path failed, policy is set 
> to NULL and goto audit label, old_profile and rename_profile are both NULL,
> __add_new_profile is called, the parameter policy is NULL, it will cause
> NULL pointer dereference via __list_add_profile(&policy->profiles, profile);
> 
> Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
> 
NAK, we can't just fail adding the profile to the policy here.  If this
was an error we would need to either return an error or handle it before
the this function was called.

In this case when __lookup_parent fails it sets error = -ENOENT before jumping
to audit:

The way the audit routines work is that they will return the error passed
into them with a few exceptions.  If in complain mode it can override,
the apparmor set eperm and eaccess error codes, and it can return errors that
occurred during auditing.

So in this case the error condition is guaranteed to be set and
__add_new_profile will never get called.

Currently this isn't very clear in the code and it could use a comment, or
maybe even some reworking so that the failure path calls audit_policy directly

quoted text> ---
>  security/apparmor/policy.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index 52cc865..832d9e9 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -940,6 +940,8 @@ static int replacement_allowed(struct aa_profile *profile, int noreplace,
>  static void __add_new_profile(struct aa_namespace *ns, struct aa_policy *policy,
>  			      struct aa_profile *profile)
>  {
> +	if (!policy)
> +		return ;
>  	if (policy != &ns->base)
>  		/* released on profile replacement or free_profile */
>  		profile->parent = aa_get_profile((struct aa_profile *) policy);

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] APPARMOR: Fix NULL Pointer dereference while __add ..., wzt.wzt, (Fri Nov 26, 8:18 am)

Re: [PATCH] APPARMOR: Fix NULL Pointer dereference while _ ..., John Johansen, (Tue Nov 30, 3:19 am)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	Re: [PATCH 0/3] v2 Make hierarchical RCU less IPI-happy and add more tracing
Jeremy Fitzhardinge	Re: Linux 2.6.28.10 and Linux 2.6.29.6 XEN Guest Support Broken x86_64 in BUILD
Nick Piggin	Re: [patch] CFS (Completely Fair Scheduler), v2
Gary Hade	Re: [PATCH 0/5][RFC] Physical PCI slot objects
Dave Johnson	Re: expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
linux-netdev:
Arnd Bergmann	Re: 64-bit net_device_stats
Stephens, Allan	RE: [PATCH]: tipc: Fix oops on send prior to entering networked mode
frank.blaschka	[patch 3/5] [PATCH] qeth: support z/VM VSWITCH Port Isolation
Wu Fengguang	Re: [PATCH] dm9601: handle corrupt mac address
David Miller	Re: [PATCH net-2.6.24] Fix refcounting problem with netif_rx_reschedule()
git:
Junio C Hamano	Re: [PATCH] [RFC] add Message-ID field to log on git-am operation
Junio C Hamano	Re: Handling large files with GIT
Karl	Re: [ANNOUNCE] pg - A patch porcelain for GIT
Josh Triplett	Re: [RFC][PATCH 00/10] Sparse: Git's "make check" target
Pierre Habouzit	Re: [PATCH] git-daemon: more powerful base-path/user-path settings, using formats.
git-commits-head:
Linux Kernel Mailing List	MIPS: RBTX4939: Fix IOC pin-enable register updating
Linux Kernel Mailing List	regulator: update email address for Liam Girdwood
Linux Kernel Mailing List	[SCSI] ipr: add message to error table
Linux Kernel Mailing List	powerpc/32: Wire up the trampoline code for kdump
Linux Kernel Mailing List	USB: omap_udc: sync with OMAP tree
openbsd-misc:
Josh Grosse	Re: error : pkg add phpMyAdmin
Brian Candler	Re: OBSD's perspective on SELinux
Jacob Meuser	Re: /dev/audio: Device busy
David Vasek	Re: Inexpensive, low power, "wall wart" computer
William Boshuck	Re: Richard Stallman...

Colocation donated by:

Syndicate