AppArmor overwrites unallocated memory in getprocattr interface
Bug #446595 reported by John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | High | John Johansen | |
| Karmic | Fix Released | High | John Johansen | |

Bug Description
In ubuntu/
```c
len = strlen(
if (ns != default_namespace)
	len += strlen(
str = kmalloc(len + 1, GFP_ATOMIC);
```
However, this is 2 bytes smaller than the actual string, because the string "://", which separates the namespace and profile names, is 3 bytes, not 1 as is done in the above allocation.
```c
if (ns != default_namespace)
	sprintf(str, "%s://%s", ns->base.name, unconfined_str);
```
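
The sizing error described above, reproduced in user space as an added example (not code from the Ubuntu kernel tree or from the fix). The function names, the use of `ns == NULL` to stand for the default namespace, and the sample strings are assumptions made for illustration; `format_label` shows one way to avoid the mismatch by letting the formatter report the length it needs before allocating.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NS_SEP "://"	/* separator emitted by the "%s://%s" format */

/* Length as computed in the report: the separator is counted as 1 byte. */
static size_t buggy_len(const char *ns, const char *profile)
{
	size_t len = strlen(profile);
	if (ns)		/* assumption: NULL models the default namespace */
		len += strlen(ns) + 1;
	return len;
}

/* Length the format string really produces, excluding the NUL. */
static size_t needed_len(const char *ns, const char *profile)
{
	size_t len = strlen(profile);
	if (ns)
		len += strlen(ns) + strlen(NS_SEP);
	return len;
}

/* Ask snprintf for the required size, then allocate exactly that much,
 * so the allocation cannot drift from the format string. */
static char *format_label(const char *ns, const char *profile)
{
	int n = ns ? snprintf(NULL, 0, "%s://%s", ns, profile)
		   : snprintf(NULL, 0, "%s", profile);
	if (n < 0)
		return NULL;
	char *str = malloc((size_t)n + 1);
	if (!str)
		return NULL;
	if (ns)
		snprintf(str, (size_t)n + 1, "%s://%s", ns, profile);
	else
		snprintf(str, (size_t)n + 1, "%s", profile);
	return str;
}

int main(void)
{
	const char *ns = "ns1", *profile = "unconfined"; /* constructed values */
	char *s = format_label(ns, profile);
	if (!s)
		return 1;
	printf("%s: needs %zu+1 bytes, report's sizing gives %zu+1\n",
	       s, needed_len(ns, profile), buggy_len(ns, profile));
	free(s);
	return 0;
}
```

In kernel code, `kasprintf()` performs the same measure-then-allocate step in a single call.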

Changed in linux (Ubuntu):
- status: New → Confirmed
- assignee: nobody → John Johansen (jjohansen)

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-karmic.git;a=commit;h=823da90960aa2f2442bec8cb0dc711b49f7a48ca