Ubuntu
linux package

AppArmor overwrites unallocated memory in getprocattr interface

Bug #446595 reported by John Johansen on 2009-10-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	High	John Johansen
	Karmic	Fix Released	High	John Johansen

Bug Description

In ubuntu/apparmor/procattr.c, AppArmor allocates memory for the procattr buffer

  len = strlen(unconfined_str);
  if (ns != default_namespace)
   len += strlen(ns->base.name) + 1;
  str = kmalloc(len + 1, GFP_ATOMIC);

However this is 2 bytes smaller than the actual string because the string "://" which separates the namespace and profile names is 3 bytes not 1 as is done in the above allocation.

if (ns != default_namespace)
sprintf(str, "%s://%s", ns->base.name, unconfined_str);

Related branches

lp:ubuntu/karmic/linux-mvl-dove

lp:ubuntu/karmic/linux-fsl-imx51

lp:ubuntu/karmic/linux-ec2

lp:ubuntu/lucid/linux-ec2

John Johansen (jjohansen) on 2009-10-08

Changed in linux (Ubuntu):
status:	New → Confirmed
assignee:	nobody → John Johansen (jjohansen)

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2009-10-08:

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-karmic.git;a=commit;h=823da90960aa2f2442bec8cb0dc711b49f7a48ca

Changed in linux (Ubuntu Karmic):
importance:	Undecided → High
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-10-09:

This bug was fixed in the package linux - 2.6.31-13.43

---------------
linux (2.6.31-13.43) karmic; urgency=low

[ Andy Whitcroft ]

* Revert "[Upstream] acerhdf: Limit modalias matching to supported
boards"

[ Colin Watson ]

* Use section 'admin' rather than 'base'

[ John Johansen ]

  * SAUCE: AppArmor: Set error code after structure initialization.
    - LP: #427948
  * SAUCE: AppArmor: Fix off by 2 error in getprocattr mem allocation
    - LP: #446595

[ Luke Yelavich ]

* SAUCE: Add sr_mod to the scsi-modules udeb for powerpc

[ Stefan Bader ]

  * [Upstream] acerhdf: Limit modalias matching to supported boards
    (supersedes previous revert made by Andy Whitcroft)
    - LP: #435958

-- Tim Gardner <email address hidden> Fri, 09 Oct 2009 10:08:16 -0600

Changed in linux (Ubuntu Karmic):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package