Format string bugs in apparmor-utils

Bug #781961 reported by Emanuel Bronshtein
Affects            Status         Importance  Assigned to  Milestone
AppArmor           Fix Released   Undecided   Unassigned
  2.6              Fix Committed  Low         Unassigned
apparmor (Ubuntu)  Fix Released   Undecided   Unassigned

Bug Description

Binary package hint: apparmor-utils

/usr/sbin/audit, /usr/sbin/autodep and /usr/sbin/enforce have format string bugs.

Test case:
emanuel@emanuel-desktop:/tmp$ /usr/sbin/audit "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/audit line 122.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/autodep "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/autodep line 112.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/enforce "/tmp/%9999999999999s"
Integer overflow in format string for sprintf at /usr/sbin/enforce line 132.

The bug can be found at:
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') . $profiling));

Fix (like in /usr/sbin/complain):
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
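
The difference between the buggy and fixed lines, as an added example that is not part of the original report or of apparmor-utils: with `.` the path becomes part of the format string, with `,` it is only data for `%s`. The subs `missing_path_buggy`, `missing_path_fixed` and `try_variant` are hypothetical stand-ins for the `UI_Info(sprintf(gettext(...)))` call sites, and gettext is left out.

```perl
#!/usr/bin/perl
# Added example: not code from apparmor-utils. The sub names are
# hypothetical; the message text is the one quoted in the report.
use strict;
use warnings;

my $MSG = '%s does not exist, please double-check the path.';

# Buggy pattern: "." concatenates the path onto the format string, so
# sprintf receives a single argument and parses the path for % directives.
sub missing_path_buggy {
    my ($path) = @_;
    return sprintf($MSG . $path);
}

# Fixed pattern: "," passes the path as the data consumed by %s.
sub missing_path_fixed {
    my ($path) = @_;
    return sprintf($MSG, $path);
}

# Run one variant, trapping fatal errors and warnings so both can be shown.
sub try_variant {
    my ($code, $path) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $out = eval { $code->($path) };
    my $err = $@;
    return { out => $out, err => $err, warnings => \@warnings };
}

# The two distinct arguments from the report's test case, plus a benign path.
for my $path ('/tmp/%n', '/tmp/%9999999999999s', '/tmp/missing') {
    for my $v (['buggy', \&missing_path_buggy], ['fixed', \&missing_path_fixed]) {
        my $r = try_variant($v->[1], $path);
        printf "%-5s %-22s ", $v->[0], $path;
        if ($r->{err}) { print "DIED: $r->{err}" }
        else           { print "ok: $r->{out}\n" }
        print "      warning: $_" for @{ $r->{warnings} };
    }
}
```

Even for the benign path the buggy variant produces a wrong message, because `%s` has no argument left to consume and the path is appended after the sentence.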

Kees Cook (kees)
Changed in apparmor (Ubuntu):
status: New → Confirmed
Changed in apparmor:
status: New → Confirmed
Kees Cook (kees) wrote :

Thanks for the report! I've sent a patch to the mailing list and this will likely get committed soon.

Changed in apparmor:
status: Confirmed → In Progress
Changed in apparmor (Ubuntu):
status: Confirmed → In Progress
Steve Beattie (sbeattie) wrote :

This was fixed in lp:apparmor commit 1727 and was merged into the 2.6 branch in commit 1699.

Changed in apparmor:
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.7.0~beta1+bzr1774-1.

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released