AppArmor: Fix oops in policy unpack auditing
Post unpacking of policy a verification pass is made on x transition indexes. When this fails a call to audit_iface is made resulting in an oops, because audit_iface is expecting a valid buffer position but since the failure comes from post unpack verification there is none. Make the position argument optional so that audit_iface can be called from post unpack verification. Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
parent
ef9a762279
commit
b1b4bc2ed9
|
|
@ -84,7 +84,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
|
|||
* @new: profile if it has been allocated (MAYBE NULL)
|
||||
* @name: name of the profile being manipulated (MAYBE NULL)
|
||||
* @info: any extra info about the failure (MAYBE NULL)
|
||||
* @e: buffer position info (NOT NULL)
|
||||
* @e: buffer position info
|
||||
* @error: error code
|
||||
*
|
||||
* Returns: %0 or error
|
||||
|
|
@ -95,7 +95,8 @@ static int audit_iface(struct aa_profile *new, const char *name,
|
|||
struct aa_profile *profile = __aa_current_profile();
|
||||
struct common_audit_data sa;
|
||||
COMMON_AUDIT_DATA_INIT(&sa, NONE);
|
||||
sa.aad.iface.pos = e->pos - e->start;
|
||||
if (e)
|
||||
sa.aad.iface.pos = e->pos - e->start;
|
||||
sa.aad.iface.target = new;
|
||||
sa.aad.name = name;
|
||||
sa.aad.info = info;
|
||||
|
|
|
|||
Reference in New Issue