mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-29 05:17:59 +00:00
2001fb6f81
strlen() assumes that it can read an entire word but when a char array
does not end on a word boundary, it reads past the end of the array.
This results in the following valgrind warning:
Invalid read of size 4
at 0x40A162: yylex() (parser_lex.l:277)
by 0x40FA14: yyparse() (parser_yacc.c:1487)
by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
by 0x404074: main (parser_main.c:1340)
Address 0x578d870 is 16 bytes inside a block of size 18 alloc'd
at 0x4C2A420: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x53E31C9: strdup (strdup.c:42)
by 0x40A145: yylex() (parser_lex.l:276)
by 0x40FA14: yyparse() (parser_yacc.c:1487)
by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
by 0x404074: main (parser_main.c:1340)
This patch quiets the warning by not using strlen(). This can be done
because yyleng already contains the length of string.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The apparmor_parser allows you to add, replace, and remove AppArmor policy through the use of command line options. The default is to add. `apparmor_parser --help` shows what the command line options are. You can also find more information at http://wiki.apparmor.net Please send all complaints, feature requests, rants about the software, and questions to the apparmor@lists.ubuntu.com mailing list. Bug reports can be filed against the AppArmor project on launchpad.net at https://launchpad.net/apparmor or reported to the mailing list directly for those who wish not to register for an account on launchpad. Security issues can be filed as security bugs on launchpad or directed to security@ubuntu.com. We will attempt to conform to the RFP vulnerability disclosure protocol: http://www.wiretrip.net/rfp/policy.html Thanks. -- The AppArmor development team