apparmor: fix off-by-one comparison on MAXMAPPED_SIG
This came in yesterday, and I have verified our regression tests
were missing this and it can cause an oops. Please apply.
There is a an off-by-one comparision on sig against MAXMAPPED_SIG
that can lead to a read outside the sig_map array if sig
is MAXMAPPED_SIG. Fix this.
Verified that the check is an out of bounds case that can cause an oops.
Revised: add comparison fix to second case
Fixes: cd1dbf76b2
("apparmor: add the ability to mediate signals")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
fbc3edf7d7
commit
f7dc4c9a85
@ -128,7 +128,7 @@ static inline int map_signal_num(int sig)
|
|||||||
return SIGUNKNOWN;
|
return SIGUNKNOWN;
|
||||||
else if (sig >= SIGRTMIN)
|
else if (sig >= SIGRTMIN)
|
||||||
return sig - SIGRTMIN + 128; /* rt sigs mapped to 128 */
|
return sig - SIGRTMIN + 128; /* rt sigs mapped to 128 */
|
||||||
else if (sig <= MAXMAPPED_SIG)
|
else if (sig < MAXMAPPED_SIG)
|
||||||
return sig_map[sig];
|
return sig_map[sig];
|
||||||
return SIGUNKNOWN;
|
return SIGUNKNOWN;
|
||||||
}
|
}
|
||||||
@ -163,7 +163,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
|
|||||||
audit_signal_mask(ab, aad(sa)->denied);
|
audit_signal_mask(ab, aad(sa)->denied);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (aad(sa)->signal <= MAXMAPPED_SIG)
|
if (aad(sa)->signal < MAXMAPPED_SIG)
|
||||||
audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
|
audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
|
||||||
else
|
else
|
||||||
audit_log_format(ab, " signal=rtmin+%d",
|
audit_log_format(ab, " signal=rtmin+%d",
|
||||||
|
Loading…
Reference in New Issue
Block a user