mirror of
https://gitlab.com/apparmor/apparmor
---
security/apparmor/match.c | 12 ++++++------
security/apparmor/match.h | 2 +-
security/apparmor/module_interface.c | 10 ++++++----
3 files changed, 13 insertions(+), 11 deletions(-)
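--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -23,9 +23,9 @@ static struct table_header *unpack_table
 if (bsize < sizeof(struct table_header))
 goto out;
 
- th.td_id = ntohs(*(u16 *) (blob));
- th.td_flags = ntohs(*(u16 *) (blob + 2));
- th.td_lolen = ntohl(*(u32 *) (blob + 8));
+ th.td_id = be16_to_cpu(*(u16 *) (blob));
+ th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
+ th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
 blob += sizeof(struct table_header);
 
 if (!(th.td_flags == YYTD_DATA16 || th.td_flags == YYTD_DATA32 ||
@@ -41,13 +41,13 @@ static struct table_header *unpack_table
 *table = th;
 if (th.td_flags == YYTD_DATA8)
 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u8, ntohb);
+ u8, byte_to_byte);
 else if (th.td_flags == YYTD_DATA16)
 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u16, ntohs);
+ u16, be16_to_cpu);
 else
 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u32, ntohl);
+ u32, be32_to_cpu);
 }
 
 out: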
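Review bot: The three header reads in the first hunk still dereference `blob` through `(u16 *)` / `(u32 *)` casts, so they depend on the policy blob being suitably aligned and they hide the big-endian type from sparse. The unaligned helpers avoid both, e.g. `th.td_id = get_unaligned_be16(blob);` and `th.td_lolen = get_unaligned_be32(blob + 8);`. `th.td_lolen` is taken directly from the loaded blob and then drives `UNPACK_ARRAY` in the second hunk, while the only length check visible here is `bsize < sizeof(struct table_header)`. The check that `td_lolen` elements fit in the remaining `bsize`, and that the table-size computation cannot wrap, presumably sits in the lines between the two hunks and is worth confirming. unpack_table's body starts and ends outside both hunks.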
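--- a/security/apparmor/match.h
+++ b/security/apparmor/match.h
@@ -63,7 +63,7 @@ struct aa_dfa {
 struct table_header *tables[YYTD_ID_NXT];
 };
 
-#define ntohb(X) (X)
+#define byte_to_byte(X) (X)
 
 #define UNPACK_ARRAY(TABLE, BLOB, LEN, TYPE, NTOHX) \
 do { \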
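--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -60,7 +60,7 @@ struct aa_ext {
 
 static inline int aa_inbounds(struct aa_ext *e, size_t size)
 {
- return (e->pos + size <= e->end);
+ return (size <= e->end - e->pos);
 }
 
 /**
@@ -243,7 +243,7 @@ struct aa_dfa *aa_unpack_dfa(struct aa_e
 * @e: serialized data extent information
 * @error: error code returned if unpacking fails
 */
-static struct aa_profile *aa_unpack_profile(struct aa_ext *e)
+static struct aa_profile *aa_unpack_profile(struct aa_ext *e, int depth)
 {
 struct aa_profile *profile = NULL;
 
@@ -284,9 +284,11 @@ static struct aa_profile *aa_unpack_prof
 
 /* get optional subprofiles */
 if (aa_is_nameX(e, AA_LIST, "hats")) {
+ if (depth > 0)
+ goto fail;
 while (!aa_is_nameX(e, AA_LISTEND, NULL)) {
 struct aa_profile *subprofile;
- subprofile = aa_unpack_profile(e);
+ subprofile = aa_unpack_profile(e, depth + 1);
 if (IS_ERR(subprofile)) {
 error = PTR_ERR(subprofile);
 goto fail;
@@ -320,7 +322,7 @@ fail:
 */
 static struct aa_profile *aa_unpack_profile_wrapper(struct aa_ext *e)
 {
- struct aa_profile *profile = aa_unpack_profile(e);
+ struct aa_profile *profile = aa_unpack_profile(e, 0);
 if (!IS_ERR(profile) &&
 (!list_empty(&profile->sub) || profile->flags.complain)) {
 int error;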
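Review bot: The new `if (depth > 0) goto fail;` in the hats hunk jumps to `fail` without assigning `error`, whereas the neighbouring failure path sets `error = PTR_ERR(subprofile)` first; what a nested hats list returns therefore depends on how `error` is initialised, which like the `fail:` label lies outside these hunks. If that value could be 0, an `ERR_PTR(error)`-style return would be NULL, which passes the `!IS_ERR(profile)` test in `aa_unpack_profile_wrapper` and is then dereferenced through `profile->sub`; setting it explicitly removes the doubt, e.g. `if (depth > 0) { error = -EPROTO; goto fail; }` with whichever code the file uses for malformed policy. The kernel-doc block above `aa_unpack_profile` also needs a line for the new parameter, such as `@depth: nesting level, 0 for a top-level profile; a hat may not contain hats`. Separately, the rewritten `aa_inbounds` is only correct while `e->pos <= e->end` holds, because the difference is compared against an unsigned `size`; a one-line comment stating that invariant would help the next reader.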