Jann Horn 9617058178 apparmor: enforce nullbyte at end of tag string ... commit 8404d7a674c49278607d19726e0acc0cae299357 upstream. A packed AppArmor policy contains null-terminated tag strings that are read by unpack_nameX(). However, unpack_nameX() uses string functions on them without ensuring that they are actually null-terminated, potentially leading to out-of-bounds accesses. Make sure that the tag string is null-terminated before passing it to strcmp(). Cc: stable@vger.kernel.org Fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-07-10 09:56:31 +02:00
..
include	Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb	2015-02-22 11:38:39 -05:00
.gitignore
apparmorfs.c	apparmor: fix ref count leak when profile sha1 hash is read	2016-08-16 09:30:49 +02:00
audit.c	apparmor: remove parent task info from audit logging	2013-10-29 21:34:04 -07:00
capability.c	apparmor: fix capability to not use the current task, during reporting	2013-10-29 21:33:37 -07:00
context.c
crypto.c
domain.c	apparmor: fix change_hat not finding hat after policy replacement	2016-12-02 09:09:01 +01:00
file.c	VFS: security/: d_backing_inode() annotations	2015-04-15 15:06:56 -04:00
ipc.c	apparmor: fix capability to not use the current task, during reporting	2013-10-29 21:33:37 -07:00
Kconfig	apparmor: clarify CRYPTO dependency	2015-10-22 11:11:28 +11:00
lib.c	nick kvfree() from apparmor	2014-05-06 14:02:53 -04:00
lsm.c	apparmor: Make path_max parameter readonly	2018-03-22 09:23:24 +01:00
Makefile
match.c
path.c	Apparmor: Use d_is_positive/negative() rather than testing dentry->d_inode	2015-02-22 11:38:39 -05:00
policy.c
policy_unpack.c	apparmor: enforce nullbyte at end of tag string	2019-07-10 09:56:31 +02:00
procattr.c
resource.c
sid.c