Re: WARNING in apparmor_cred_free
From: John Johansen <john.johansen@canonical.com>
Date: 2019-01-17 00:19:36
On 1/11/19 5:48 PM, Casey Schaufler wrote:
From 1a2a99f3cfd069baf9aa0ef91529558bcbe64c14 Mon Sep 17 00:00:00 2001 From: Casey Schaufler <casey@schaufler-ca.com> Date: Fri, 11 Jan 2019 17:37:56 -0800 Subject: [PATCH 2/2] AppArmor: Fix credential blob assertions The assertions for NULL credential blobs don't take blob offsetting into account. Check the raw data, not th eoffset value. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
in the none stacking case cred->security is the aa_label pointer so the test should be AA_BUG(!*blob); and I would just drop the check from set_cred_label()
quoted hunk ↗ jump to hunk
--- security/apparmor/include/cred.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h index b9504a05fddc..29cef1b5687c 100644 --- a/security/apparmor/include/cred.h +++ b/security/apparmor/include/cred.h@@ -27,7 +27,7 @@ static inline struct aa_label *cred_label(const struct cred *cred) { struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; - AA_BUG(!blob); + AA_BUG(!cred->security); return *blob; }@@ -36,7 +36,7 @@ static inline void set_cred_label(const struct cred *cred, { struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; - AA_BUG(!blob); + AA_BUG(!cred->security); *blob = label; }