[REGRESSION] Task based libapparmor getcon functions don't always NUL-terminate con strings properly

Bug #1220861 reported by Tyler Hicks on 2013-09-04
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
High
Tyler Hicks
apparmor (Ubuntu)
High
Tyler Hicks

Bug Description

Starting with upstream revision 2125 and Ubuntu package 2.8.0-0ubuntu25,
the task based libapparmor getcon functions changed behavior on how they
handled NULL mode strings.

Old behavior:

$ gcc -Wall -pedantic -o getcon getcon.c -lapparmor
$ echo "profile getcon { file, }" | sudo apparmor_parser -qr
$ aa-exec -p getcon -- ./getcon
con = [getcon]

New behavior:

$ gcc -Wall -pedantic -o getcon getcon.c -lapparmor
$ echo "profile getcon { file, }" | sudo apparmor_parser -qr
$ aa-exec -p getcon -- ./getcon
con = [getcon (enforce)]

The con string is not being NUL-terminated before the mode string when
the mode pointer is NULL.

Tyler Hicks (tyhicks) wrote :
Changed in apparmor:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu28

---------------
apparmor (2.8.0-0ubuntu28) saucy; urgency=low

  [ Tyler Hicks ]
  * Move the aa-exec man page out of apparmor-utils into apparmor, since
    aa-exec is now in apparmor
    - debian/control: adjust Breaks/Replaces to use apparmor-utils
      (<< 2.8.0-0ubuntu28)
    - debian/apparmor.manpages: install the aa-exec man page
    - debian/apparmor-utils.manpages: don't install the aa-exec man page
  * debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
    context strings returned from libapparmor (LP: #1220861)
  * debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
    aa_getprocattr() if caller passed in NULL (LP: #1196880)
  * debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
    Update man page and code comments to make it clear that freeing the *con
    string returned from libapparmor's getcon functions also frees the *mode
    string
  * debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
    Document the D-Bus method, in the aa_getcon man page, that returns the
    AppArmor task confinement string of a D-Bus connection

  [ Jamie Strandboge ]
  * debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to
    /usr/share/p11-kit/modules
 -- Jamie Strandboge <email address hidden> Tue, 10 Sep 2013 12:06:06 -0500

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Tyler Hicks (tyhicks) wrote :

The fix was committed upstream as r2162

Changed in apparmor:
status: In Progress → Fix Committed
Steve Beattie (sbeattie) on 2014-06-25
Changed in apparmor:
milestone: none → 2.9.0
Steve Beattie (sbeattie) wrote :

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments