summaryrefslogtreecommitdiff
path: root/lib/nlattr.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2012-02-22 00:32:30 -0800
committerJohn Johansen <john.johansen@canonical.com>2012-02-27 11:38:21 -0800
commit8b964eae204d791421677ec56b94a7b18cf8740d (patch)
tree7c1a7b5b6be9f2d9b60d8cba1094635d3f74466c /lib/nlattr.c
parentade3ddc01e2e426cc24c744be85dcaad4e8f8aba (diff)
AppArmor: Fix underflow in xindex calculation
If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'lib/nlattr.c')
0 files changed, 0 insertions, 0 deletions