packages: kernel/kernel-small_fixes.patch - apparmor oops fix

arekm arekm at pld-linux.org
Wed Jun 1 23:41:06 CEST 2011


Author: arekm                        Date: Wed Jun  1 21:41:06 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- apparmor oops fix

---- Files affected:
packages/kernel:
   kernel-small_fixes.patch (1.25 -> 1.26) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.25 packages/kernel/kernel-small_fixes.patch:1.26
--- packages/kernel/kernel-small_fixes.patch:1.25	Thu May 19 10:24:00 2011
+++ packages/kernel/kernel-small_fixes.patch	Wed Jun  1 23:41:01 2011
@@ -153,4 +153,36 @@
 --
 To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
 the body of a message to majordomo at vger.kernel.org
-More majordomo info at  http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
+More majordomo info at  http://vger.kernel.org/majordomo-info.htmlcommit a5b2c5b2ad5853591a6cac6134cd0f599a720865
+Author: Kees Cook <kees.cook at canonical.com>
+Date:   Tue May 31 11:31:41 2011 -0700
+
+    AppArmor: fix oops in apparmor_setprocattr
+    
+    When invalid parameters are passed to apparmor_setprocattr a NULL deref
+    oops occurs when it tries to record an audit message. This is because
+    it is passing NULL for the profile parameter for aa_audit. But aa_audit
+    now requires that the profile passed is not NULL.
+    
+    Fix this by passing the current profile on the task that is trying to
+    setprocattr.
+    
+    Signed-off-by: Kees Cook <kees at ubuntu.com>
+    Signed-off-by: John Johansen <john.johansen at canonical.com>
+    Cc: stable at kernel.org
+    Signed-off-by: James Morris <jmorris at namei.org>
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ae3a698..ec1bcec 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
+ 			sa.aad.op = OP_SETPROCATTR;
+ 			sa.aad.info = name;
+ 			sa.aad.error = -EINVAL;
+-			return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++			return aa_audit(AUDIT_APPARMOR_DENIED,
++					__aa_current_profile(), GFP_KERNEL,
+ 					&sa, NULL);
+ 		}
+ 	} else if (strcmp(name, "exec") == 0) {
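Review bot: On the first added line of this hunk the new commit header is glued onto the previous patch's trailer ("...majordomo-info.htmlcommit a5b2c5b2..."), because revision 1.25 ended without a trailing newline and the AppArmor patch was appended directly after it. patch(1) normally skips such text as leading garbage, so the embedded lsm.c diff should still apply, but the footer URL of the preceding mail and the commit id line are now both mangled. Add a newline, ideally a blank separator line, before "commit a5b2c5b2ad58..." so that each embedded patch in kernel-small_fixes.patch starts on its own line.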
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.25&r2=1.26&f=u


