diff options
author | John Johansen <john.johansen@canonical.com> | 2012-03-10 11:25:30 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-03-14 06:15:02 -0700 |
commit | b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f (patch) | |
tree | d586d6edc39a957d66df9dd2908759a6c5c622e5 /security/apparmor | |
parent | ef9a762279c9ce98c592fb144b31898411feb94d (diff) | |
download | linux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.tar.gz linux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.tar.bz2 linux-b1b4bc2ed94d157f3ed60c17a12b658ccb96a76f.zip |
AppArmor: Fix oops in policy unpack auditing
Post unpacking of policy a verification pass is made on x transition
indexes. When this fails a call to audit_iface is made resulting in an
oops, because audit_iface is expecting a valid buffer position but
since the failure comes from post unpack verification there is none.
Make the position argument optional so that audit_iface can be called
from post unpack verification.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/policy_unpack.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5c46acf5aa65..c50634b724b5 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -84,7 +84,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) * @new: profile if it has been allocated (MAYBE NULL) * @name: name of the profile being manipulated (MAYBE NULL) * @info: any extra info about the failure (MAYBE NULL) - * @e: buffer position info (NOT NULL) + * @e: buffer position info * @error: error code * * Returns: %0 or error @@ -95,7 +95,8 @@ static int audit_iface(struct aa_profile *new, const char *name, struct aa_profile *profile = __aa_current_profile(); struct common_audit_data sa; COMMON_AUDIT_DATA_INIT(&sa, NONE); - sa.aad.iface.pos = e->pos - e->start; + if (e) + sa.aad.iface.pos = e->pos - e->start; sa.aad.iface.target = new; sa.aad.name = name; sa.aad.info = info; |