segfault on aa_getcon with mode = NULL and unreadable /proc/<tid>/attr/current

Bug #1196880 reported by Gernot Vormayr
This bug affects 1 person
Affects: apparmor (Ubuntu)
Assigned to: Tyler Hicks

Bug Description

Title says it all.

Basically aa_getprocattr misses a NULL check in the failure path. Attached patch fixes this.
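The failure-path pattern this report describes, as an added self-contained C example (not libapparmor source, and not the attached patch or test program): `demo_getprocattr()`, its "label (mode)" parsing and the nonexistent path are hypothetical stand-ins. It shows an optional out-parameter guarded on both the success and the failure path.

```c
/* Added illustration, not libapparmor source: demo_getprocattr() is a
 * hypothetical stand-in that models an optional out-parameter ("mode"). */
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "label (mode)" from the first line of path. *buf (required) receives
 * a malloc'd string; *mode, if requested, points into that same allocation.
 * Pass mode == NULL if not needed. Returns the label length, or -1. */
int demo_getprocattr(const char *path, char **buf, char **mode)
{
    char line[256], *paren, *end;
    FILE *f = fopen(path, "r");
    if (!f || !fgets(line, sizeof(line), f)) {
        if (f)
            fclose(f);
        goto fail;                   /* e.g. the attr file is unreadable */
    }
    fclose(f);
    line[strcspn(line, "\n")] = '\0';
    if (!(*buf = strdup(line)))
        goto fail;
    paren = strstr(*buf, " (");
    if (paren) {
        *paren = '\0';               /* terminate the label */
        if ((end = strchr(paren + 2, ')')))
            *end = '\0';             /* terminate the mode */
    }
    if (mode)                        /* optional: only write when requested */
        *mode = paren ? paren + 2 : NULL;
    return (int)strlen(*buf);
fail:
    *buf = NULL;
    if (mode)                        /* unguarded, this write is the NULL dereference */
        *mode = NULL;
    return -1;
}

/* Constructed check: made-up nonexistent path, with and without a mode pointer. */
int demo_failure_path_ok(void)
{
    char dummy = 'x', *con = &dummy, *mode = &dummy;
    int a = demo_getprocattr("/nonexistent/attr/current", &con, NULL);
    int b = demo_getprocattr("/nonexistent/attr/current", &con, &mode);
    return a == -1 && b == -1 && con == NULL && mode == NULL;
}

int main(void) { return demo_failure_path_ok() ? 0 : 1; }
```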

Gernot Vormayr (gvormayr) wrote :

Small Test program.

Compile and link with libapparmor. Create an empty profile and switch to enforce mode.

Seth Arnold (seth-arnold) wrote :

Thanks for this, I've checked it into our trunk and 2.8 branches, it will be in our upcoming 2.8.2 release.

Changed in apparmor:
status: New → Fix Committed
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tyler Hicks (tyhicks)
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to fix the problem" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu28

apparmor (2.8.0-0ubuntu28) saucy; urgency=low

  [ Tyler Hicks ]
  * Move the aa-exec man page out of apparmor-utils into apparmor, since
    aa-exec is now in apparmor
    - debian/control: adjust Breaks/Replaces to use apparmor-utils
      (<< 2.8.0-0ubuntu28)
    - debian/apparmor.manpages: install the aa-exec man page
    - debian/apparmor-utils.manpages: don't install the aa-exec man page
  * debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
    context strings returned from libapparmor (LP: #1220861)
  * debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
    aa_getprocattr() if caller passed in NULL (LP: #1196880)
  * debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
    Update man page and code comments to make it clear that freeing the *con
    string returned from libapparmor's getcon functions also frees the *mode
  * debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
    Document the D-Bus method, in the aa_getcon man page, that returns the
    AppArmor task confinement string of a D-Bus connection

  [ Jamie Strandboge ]
  * debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to
 -- Jamie Strandboge <email address hidden> Tue, 10 Sep 2013 12:06:06 -0500

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Steve Beattie (sbeattie)
Changed in apparmor:
importance: Undecided → Medium
milestone: none → 2.9.0
Steve Beattie (sbeattie) wrote :

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released