author | John Johansen <john.johansen@canonical.com> | 2017-06-10 02:29:12 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:45 +0200 |
commit | 5379a3312024a8befe7728238fc50ed05d2938ac (patch) | |
tree | 1585b97bf6addcb3452a53a9a028e5c482d46b45 /security/apparmor/policy_unpack.c | |
parent | apparmor: mediate files when they are received (diff) | |
apparmor: support v7 transition format compatible with label_parse
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r-- | security/apparmor/policy_unpack.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index f42bb9575cb5..6e6f8c1a10a9 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -466,7 +466,7 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
 profile->file.trans.size = size;
 for (i = 0; i < size; i++) {
 char *str;
- int c, j, size2 = unpack_strdup(e, &str, NULL);
+ int c, j, pos, size2 = unpack_strdup(e, &str, NULL);
 /* unpack_strdup verifies that the last character is
 * null termination byte.
 */
@@ -478,19 +478,25 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
 goto fail;
 /* count internal # of internal \0 */
- for (c = j = 0; j < size2 - 2; j++) {
- if (!str[j])
+ for (c = j = 0; j < size2 - 1; j++) {
+ if (!str[j]) {
+ pos = j;
 c++;
+ }
 }
 if (*str == ':') {
+ /* first character after : must be valid */
+ if (!str[1])
+ goto fail;
 /* beginning with : requires an embedded \0,
 * verify that exactly 1 internal \0 exists
 * trailing \0 already verified by unpack_strdup
+ *
+ * convert \0 back to : for label_parse
 */
- if (c != 1)
- goto fail;
- /* first character after : must be valid */
- if (!str[1])
+ if (c == 1)
+ str[pos] = ':';
+ else if (c > 1)
 goto fail;
 } else if (c)
 /* fail - all other cases with embedded \0 */ |
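Review bot: In the `if (*str == ':')` branch of the second hunk, a string whose only embedded \0 sits directly before the terminator now passes: the widened loop bound `size2 - 1` counts that byte, `c == 1` holds, and `str[pos] = ':'` leaves a name that ends in `:` with nothing after the namespace part. The `c == 0` case is likewise accepted with no check that a closing `:` exists at all. If label_parse is meant to reject both forms later, that belongs in the comment here; otherwise reject them at policy load, for example `if (c == 1 && str[pos + 1]) str[pos] = ':'; else if (c) goto fail;`. `pos` is declared in the first hunk without an initialiser and is read only when `c == 1`, so `pos = 0` at the declaration would make that invariant explicit and avoid a possible maybe-uninitialized warning. The body of unpack_trans_table starts and ends outside both hunks, so any validation done after this loop is not visible.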