summaryrefslogtreecommitdiffstats
path: root/security/apparmor/policy_unpack.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-10 02:29:12 +0200
committerJohn Johansen <john.johansen@canonical.com>2017-06-11 02:11:45 +0200
commit5379a3312024a8befe7728238fc50ed05d2938ac (patch)
tree1585b97bf6addcb3452a53a9a028e5c482d46b45 /security/apparmor/policy_unpack.c
parentapparmor: mediate files when they are received (diff)
downloadlinux-5379a3312024a8befe7728238fc50ed05d2938ac.tar.xz
linux-5379a3312024a8befe7728238fc50ed05d2938ac.zip
apparmor: support v7 transition format compatible with label_parse
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index f42bb9575cb5..6e6f8c1a10a9 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -466,7 +466,7 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
profile->file.trans.size = size;
for (i = 0; i < size; i++) {
char *str;
- int c, j, size2 = unpack_strdup(e, &str, NULL);
+ int c, j, pos, size2 = unpack_strdup(e, &str, NULL);
/* unpack_strdup verifies that the last character is
* null termination byte.
*/
@@ -478,19 +478,25 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
goto fail;
/* count internal # of internal \0 */
- for (c = j = 0; j < size2 - 2; j++) {
- if (!str[j])
+ for (c = j = 0; j < size2 - 1; j++) {
+ if (!str[j]) {
+ pos = j;
c++;
+ }
}
if (*str == ':') {
+ /* first character after : must be valid */
+ if (!str[1])
+ goto fail;
/* beginning with : requires an embedded \0,
* verify that exactly 1 internal \0 exists
* trailing \0 already verified by unpack_strdup
+ *
+ * convert \0 back to : for label_parse
*/
- if (c != 1)
- goto fail;
- /* first character after : must be valid */
- if (!str[1])
+ if (c == 1)
+ str[pos] = ':';
+ else if (c > 1)
goto fail;
} else if (c)
/* fail - all other cases with embedded \0 */