mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

fix setting proc_attr_base

Browse Source 
There is currently a case in which proc_attr_base won't get set when
asprintf is able to generate the path, but the file doesn't exist, it
will exit proc_attr_base_init_once() without proc_attr_base having been
set as the fall-through if/else logic will get bypassed when asprintf is
successful.
This commit is contained in:
Aaron U'Ren
2021-01-20 17:26:37 -06:00
parent d86b7acd31
commit cc113f4820
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libraries/libapparmor/src/kernel.c
View File

@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
/* if we fail we just fall back to the default value */ /* if we fail we just fall back to the default value */
if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) { if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
autoclose int fd = open(tmp, O_RDONLY); autoclose int fd = open(tmp, O_RDONLY);
if (fd != -1) if (fd != -1) {
proc_attr_base = proc_attr_base_stacking; proc_attr_base = proc_attr_base_stacking;
} else if (!is_enabled() && is_private_enabled()) { return;
}
}
if (!is_enabled() && is_private_enabled()) {
/* new stacking interfaces aren't available and apparmor /* new stacking interfaces aren't available and apparmor
* is disabled, but available. do not use the * is disabled, but available. do not use the
* /proc/<pid>/attr/ * interfaces as they could be * /proc/<pid>/attr/ * interfaces as they could be
* in use by another LSM * in use by another LSM
*/ */
proc_attr_base = proc_attr_base_unavailable; proc_attr_base = proc_attr_base_unavailable;
} else { return;
proc_attr_base = proc_attr_base_old;
} }
proc_attr_base = proc_attr_base_old;
} }
static char *procattr_path(pid_t pid, const char *attr) static char *procattr_path(pid_t pid, const char *attr)