Revert "UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels"
This reverts commit 1cfe0dc4352e879fef46f597560b851cd4260beb.
Revert because the patch was missing uncommitted changes, so in its
commited form it allows for kernel buffer overflows.
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
security/apparmor/policy_unpack.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index ef11ba9..6b0637b 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -575,6 +575,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
size = unpack_array(e, "net_allowed_af");
if (size) {
+ if (size > AF_MAX)
+ goto fail;
+
for (i = 0; i < size; i++) {
if (!unpack_u16(e, &profile->net.allow[i], NULL))
goto fail;
--
1.7.1
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
|
