apparmor/kernel-patches/for-mainline/fix-named-transitions.diff

---
 security/apparmor/main.c             |    2 +-
 security/apparmor/module_interface.c |    1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -1119,7 +1119,7 @@ aa_x_to_profile(struct aa_profile *profi
 	default:
 		/* all other indexes are named transitions */
 		index = AA_EXEC_INDEX(xmode);
-		if (index - 4 > profile->exec_table_size) {
+		if (index - 4 >= profile->exec_table_size) {
 			sa->info = "invalid named transition - exec failed";
 			sa->error_code = -EACCES;
 			new_profile = ERR_PTR(-EACCES);
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -319,6 +319,7 @@ static int aa_unpack_exec_table(struct a
 			goto fail;
 		if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
 			goto fail;
+		profile->exec_table_size = size;
 	}
 	return 1;
- d_path path fix - remove use of fgetattr - fix named transitions 2008-04-24 17:31:08 +00:00			`---`
			`security/apparmor/main.c \| 2 +-`
			`security/apparmor/module_interface.c \| 1 +`
			`2 files changed, 2 insertions(+), 1 deletion(-)`

			`--- a/security/apparmor/main.c`
			`+++ b/security/apparmor/main.c`
			`@@ -1119,7 +1119,7 @@ aa_x_to_profile(struct aa_profile *profi`
			`default:`
			`/* all other indexes are named transitions */`
			`index = AA_EXEC_INDEX(xmode);`
			`- if (index - 4 > profile->exec_table_size) {`
			`+ if (index - 4 >= profile->exec_table_size) {`
			`sa->info = "invalid named transition - exec failed";`
			`sa->error_code = -EACCES;`
			`new_profile = ERR_PTR(-EACCES);`
			`--- a/security/apparmor/module_interface.c`
			`+++ b/security/apparmor/module_interface.c`
			`@@ -319,6 +319,7 @@ static int aa_unpack_exec_table(struct a`
			`goto fail;`
			`if (!aa_is_nameX(e, AA_STRUCTEND, NULL))`
			`goto fail;`
			`+ profile->exec_table_size = size;`
			`}`
			`return 1;`