summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2012-03-10 11:25:30 -0800
committerJohn Johansen <john.johansen@canonical.com>2012-03-14 06:15:02 -0700
commitb1b4bc2ed94d157f3ed60c17a12b658ccb96a76f (patch)
treed586d6edc39a957d66df9dd2908759a6c5c622e5 /security/apparmor
parentef9a762279c9ce98c592fb144b31898411feb94d (diff)
downloadlinux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.tar.gz
linux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.tar.bz2
linux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.zip
AppArmor: Fix oops in policy unpack auditing
Post unpacking of policy a verification pass is made on x transition indexes. When this fails a call to audit_iface is made resulting in an oops, because audit_iface is expecting a valid buffer position but since the failure comes from post unpack verification there is none. Make the position argument optional so that audit_iface can be called from post unpack verification. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/policy_unpack.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 5c46acf5aa65..c50634b724b5 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -84,7 +84,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
* @new: profile if it has been allocated (MAYBE NULL)
* @name: name of the profile being manipulated (MAYBE NULL)
* @info: any extra info about the failure (MAYBE NULL)
- * @e: buffer position info (NOT NULL)
+ * @e: buffer position info
* @error: error code
*
* Returns: %0 or error
@@ -95,7 +95,8 @@ static int audit_iface(struct aa_profile *new, const char *name,
struct aa_profile *profile = __aa_current_profile();
struct common_audit_data sa;
COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad.iface.pos = e->pos - e->start;
+ if (e)
+ sa.aad.iface.pos = e->pos - e->start;
sa.aad.iface.target = new;
sa.aad.name = name;
sa.aad.info = info;