diff options
author | John Johansen <john.johansen@canonical.com> | 2019-08-31 15:55:06 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2020-01-18 15:37:24 -0800 |
commit | c659696964a7530ddd9ae075919b44f263fba05c (patch) | |
tree | bf7f0306da8dcf3d69aa9e3c96e09b06c6a1e2da /security/apparmor | |
parent | e4f4e6ba5eaadb839d17cfe5235cff149a44b36a (diff) | |
download | linux-c659696964a7530ddd9ae075919b44f263fba05c.tar.gz linux-c659696964a7530ddd9ae075919b44f263fba05c.tar.bz2 linux-c659696964a7530ddd9ae075919b44f263fba05c.zip |
apparmor: add a valid state flags check
Add a check to ensure only known state flags are set on each
state in the dfa.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/include/match.h | 4 | ||||
-rw-r--r-- | security/apparmor/match.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index e23f4aadc1ff..f280b046361e 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -181,5 +181,9 @@ static inline void aa_put_dfa(struct aa_dfa *dfa) #define MATCH_FLAG_DIFF_ENCODE 0x80000000 #define MARK_DIFF_ENCODE 0x40000000 +#define MATCH_FLAG_OOB_TRANSITION 0x20000000 +#define MATCH_FLAGS_MASK 0xff000000 +#define MATCH_FLAGS_VALID MATCH_FLAG_DIFF_ENCODE +#define MATCH_FLAGS_INVALID (MATCH_FLAGS_MASK & ~MATCH_FLAGS_VALID) #endif /* __AA_MATCH_H */ diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 525ce22dc0e9..b477352305ed 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -202,6 +202,10 @@ static int verify_dfa(struct aa_dfa *dfa) if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) && (DEFAULT_TABLE(dfa)[i] >= state_count)) goto out; + if (BASE_TABLE(dfa)[i] & MATCH_FLAGS_INVALID) { + pr_err("AppArmor DFA state with invalid match flags"); + goto out; + } if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) { pr_err("AppArmor DFA next/check upper bounds error\n"); goto out; |