aa-status: fix crash due to \n in profile name

This fixes a crash when a profile name contains a \n character which breaks profile name parsing. The fix is minimal in that it ignores the bad profile name and continues processing. Ideally this name would not exist and is indicative of a bug in the kernel. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/211 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/824 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2025-08-31 14:25:52 +00:00 · 2022-01-20 13:04:38 -08:00
parent 90b312c55a
commit 457ab38b93
1 changed files with 10 additions and 1 deletions
--- a/binutils/aa_status.c
+++ b/binutils/aa_status.c
@@ -135,7 +135,16 @@ static int get_profiles(struct profile **profiles, size_t *n) {
 	while (getline(&line, &len, fp) != -1) {
 		struct profile *_profiles;
 		autofree char *status = NULL;
-		autofree char *name = strdup(aa_splitcon(line, &status));
+		autofree char *name = NULL;
+		char *tmpname = aa_splitcon(line, &status);
+
+		if (!tmpname) {
+			dfprintf(stderr, "Error: failed profile name split of '%s'.\n", line);
+			ret = AA_EXIT_INTERNAL_ERROR;
+			// skip this entry and keep processing
+			continue;
+		}
+		name = strdup(tmpname);

 		if (status)
 			status = strdup(status);