rockchip-kernel/security/apparmor at develop-4.4 - rockchip-kernel - 梅狸猫的代码存储库

mirros/rockchip-kernel

Files

History

Jann Horn 9617058178 apparmor: enforce nullbyte at end of tag string

commit 8404d7a674 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2019-07-10 09:56:31 +02:00

..

Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb

2015-02-22 11:38:39 -05:00

.gitignore

AppArmor: remove af_names.h from .gitignore

2012-09-01 08:35:34 -07:00

apparmorfs.c

apparmor: fix ref count leak when profile sha1 hash is read

2016-08-16 09:30:49 +02:00

audit.c

apparmor: remove parent task info from audit logging

2013-10-29 21:34:04 -07:00

capability.c

apparmor: fix capability to not use the current task, during reporting

2013-10-29 21:33:37 -07:00

context.c

apparmor: change how profile replacement update is done

2013-08-14 11:42:06 -07:00

crypto.c

apparmor: Use shash crypto API interface for profile hashes

2013-09-30 09:53:59 +10:00

domain.c

apparmor: fix change_hat not finding hat after policy replacement

2016-12-02 09:09:01 +01:00

file.c

VFS: security/: d_backing_inode() annotations

2015-04-15 15:06:56 -04:00

ipc.c

apparmor: fix capability to not use the current task, during reporting

2013-10-29 21:33:37 -07:00

Kconfig

apparmor: clarify CRYPTO dependency

2015-10-22 11:11:28 +11:00

lib.c

nick kvfree() from apparmor

2014-05-06 14:02:53 -04:00

lsm.c

apparmor: Make path_max parameter readonly

2018-03-22 09:23:24 +01:00

Makefile

apparmor: add the ability to report a sha1 hash of loaded policy

2013-08-14 11:42:08 -07:00

match.c

apparmor: reserve and mask off the top 8 bits of the base field

2013-04-28 00:37:32 -07:00

path.c

Apparmor: Use d_is_positive/negative() rather than testing dentry->d_inode

2015-02-22 11:38:39 -05:00

policy_unpack.c

apparmor: enforce nullbyte at end of tag string

2019-07-10 09:56:31 +02:00

policy.c

apparmor: fix memleak of the profile hash

2013-10-16 11:53:59 +11:00

procattr.c

apparmor: add interface files for profiles and namespaces

2013-08-14 11:42:07 -07:00

resource.c

apparmor: relax the restrictions on setting rlimits

2013-04-28 00:36:46 -07:00

sid.c

AppArmor: core policy routines

2010-08-02 15:38:37 +10:00