Format string bugs in apparmor-utils

Bug #781961 reported by Emanuel Bronshtein on 2011-05-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Undecided
Unassigned
2.6
Low
Unassigned
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: apparmor-utils

/usr/sbin/audit and /usr/sbin/autodep and /usr/sbin/enforce have format string bugs .

test case :
emanuel@emanuel-desktop:/tmp$ /usr/sbin/audit "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/audit line 122.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/autodep "/tmp/%n"
Modification of a read-only value attempted at /usr/sbin/autodep line 112.
emanuel@emanuel-desktop:/tmp$ /usr/sbin/enforce "/tmp/%9999999999999s"
Integer overflow in format string for sprintf at /usr/sbin/enforce line 132.

the bug can be found at :
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') . $profiling));

fix : (like in /usr/sbin/complain)
UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));

Kees Cook (kees) on 2011-05-13
Changed in apparmor (Ubuntu):
status: New → Confirmed
Changed in apparmor:
status: New → Confirmed
Kees Cook (kees) wrote :

Thanks for the report! I've sent a patch to the mailing list and this will likely get committed soon.

Changed in apparmor:
status: Confirmed → In Progress
Changed in apparmor (Ubuntu):
status: Confirmed → In Progress
Steve Beattie (sbeattie) wrote :

This was fixed in lp:apparmor commit 1727 and was merged into the 2.6 branch in commit 1699.

Changed in apparmor:
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.7.0~beta1+bzr1774-1.

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers