segfault on aa_getcon with mode = NULL and unreadable /proc/<tid>/attr/current

Bug #1196880 reported by Gernot Vormayr
This bug affects 1 person
Affects            Status        Importance  Assigned to  Milestone
AppArmor           Fix Released  Medium      Unassigned
apparmor (Ubuntu)  Fix Released  Medium      Tyler Hicks

Bug Description

Title says it all.

Basically aa_getprocattr misses a NULL check in the failure path. Attached patch fixes this.

Tags: patch
Gernot Vormayr (gvormayr) wrote :

Small Test program.

Compile and link with libapparmor. Create an empty profile and switch to enforce mode.

Seth Arnold (seth-arnold) wrote :

Thanks for this, I've checked it into our trunk and 2.8 branches, it will be in our upcoming 2.8.2 release.

Changed in apparmor:
status: New → Fix Committed
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tyler Hicks (tyhicks)
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to fix the problem" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu28

---------------
apparmor (2.8.0-0ubuntu28) saucy; urgency=low

  [ Tyler Hicks ]
  * Move the aa-exec man page out of apparmor-utils into apparmor, since
    aa-exec is now in apparmor
    - debian/control: adjust Breaks/Replaces to use apparmor-utils
      (<< 2.8.0-0ubuntu28)
    - debian/apparmor.manpages: install the aa-exec man page
    - debian/apparmor-utils.manpages: don't install the aa-exec man page
  * debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
    context strings returned from libapparmor (LP: #1220861)
  * debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
    aa_getprocattr() if caller passed in NULL (LP: #1196880)
  * debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
    Update man page and code comments to make it clear that freeing the *con
    string returned from libapparmor's getcon functions also frees the *mode
    string
  * debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
    Document the D-Bus method, in the aa_getcon man page, that returns the
    AppArmor task confinement string of a D-Bus connection

  [ Jamie Strandboge ]
  * debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to
    /usr/share/p11-kit/modules
 -- Jamie Strandboge <email address hidden> Tue, 10 Sep 2013 12:06:06 -0500
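
The out-parameter contract behind the bug description and the 0066/0067 changelog entries above, as an added example that is not libapparmor's code or the attached patch: a getcon-style call must guard the optional mode pointer on its failure path, and on success mode points into the con buffer. The names model_getcon and run_demo and both file paths are hypothetical; the sample file contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a getcon-style call, not libapparmor's code. Reads
 * "label (mode)" from path; con is required, mode is an optional out-param. */
static int model_getcon(const char *path, char **con, char **mode)
{
    char *buf = calloc(1, 256), *sep, *m = NULL;
    FILE *f = fopen(path, "r");
    size_t n = (buf && f) ? fread(buf, 1, 255, f) : 0;
    if (f) fclose(f);
    if (n == 0) goto fail;           /* unreadable or empty attribute file */
    buf[strcspn(buf, "\n")] = '\0';  /* zeroed buffer, 255-byte read: always NUL-terminated */
    n = strlen(buf);
    sep = strstr(buf, " (");
    if (sep && buf[n - 1] == ')') {  /* split "label (mode)" in place */
        buf[n - 1] = '\0';
        *sep = '\0';
        m = sep + 2;                 /* points into buf: free(con) releases it too */
    }
    *con = buf;
    if (mode) *mode = m;
    return 0;
fail:
    free(buf);
    *con = NULL;
    if (mode) *mode = NULL;          /* crash pattern: an unguarded "*mode = NULL;" here */
    return -1;
}

/* Bitmask of passed checks: 1 = failure with mode NULL, 2 = failure with mode, 4 = success. */
static int run_demo(void)
{
    const char *missing = "/nonexistent/attr/current";   /* constructed path */
    const char *sample = "/tmp/model_attr_current.txt";  /* constructed sample file */
    char *con = NULL, *mode = NULL;
    int ok = 0;
    FILE *f = fopen(sample, "w");
    if (f) { fputs("/usr/bin/demo (enforce)\n", f); fclose(f); }
    if (model_getcon(missing, &con, NULL) == -1 && !con) ok |= 1;
    if (model_getcon(missing, &con, &mode) == -1 && !con && !mode) ok |= 2;
    if (model_getcon(sample, &con, &mode) == 0 && mode &&
        !strcmp(con, "/usr/bin/demo") && !strcmp(mode, "enforce")) ok |= 4;
    free(con);                       /* one free releases both strings */
    remove(sample);
    return ok;
}

int main(void) { return run_demo() == 7 ? 0 : 1; }
```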

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Steve Beattie (sbeattie)
Changed in apparmor:
importance: Undecided → Medium
milestone: none → 2.9.0
Steve Beattie (sbeattie) wrote :

AppArmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released