summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-02-27 12:45:05 +0100
committerJohn Johansen <john.johansen@canonical.com>2013-04-28 09:39:37 +0200
commit2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (patch)
treee82423fd02f8cb9911b7c39229bd98d754a063ea /security
parentapparmor: fix setprocattr arg processing for onexec (diff)
downloadlinux-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.tar.xz
linux-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.zip
apparmor: fix fully qualified name parsing
currently apparmor name parsing is only correctly handling :<NS>:<profile> but :<NS>://<profile> is also a valid form and what is exported to userspace. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/lib.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index d6e1f2148398..d40bc592180d 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
*ns_name = skip_spaces(&name[1]);
if (split) {
/* overwrite ':' with \0 */
- *split = 0;
- name = skip_spaces(split + 1);
+ *split++ = 0;
+ if (strncmp(split, "//", 2) == 0)
+ split += 2;
+ name = skip_spaces(split);
} else
/* a ns name without a following profile is allowed */
name = NULL;