[thirdparty/kernel/stable-queue.git] / releases / 4.15.18 / apparmor-fix-resource-audit-messages-when-auditing-peer.patch

From b5beb07ad32ab533027aa988d96a44965ec116f7 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 9 Feb 2018 04:57:39 -0800
Subject: apparmor: fix resource audit messages when auditing peer

From: John Johansen <john.johansen@canonical.com>

commit b5beb07ad32ab533027aa988d96a44965ec116f7 upstream.

Resource auditing is using the peer field which is not available
when the rlim data struct is used, because it is a different element
of the same union. Accessing peer during resource auditing could
cause garbage log entries or even oops the kernel.

Move the rlim data block into the same struct as the peer field
so they can be used together.

CC: <stable@vger.kernel.org>
Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/apparmor/include/audit.h |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -126,6 +126,10 @@ struct apparmor_audit_data {
 					const char *target;
 					kuid_t ouid;
 				} fs;
+				struct {
+					int rlim;
+					unsigned long max;
+				} rlim;
 				int signal;
 			};
 		};
@@ -135,10 +139,6 @@ struct apparmor_audit_data {
 			long pos;
 		} iface;
 		struct {
-			int rlim;
-			unsigned long max;
-		} rlim;
-		struct {
 			const char *src_name;
 			const char *type;
 			const char *trans;
Commit	Line	Data
c4ffb79e GKH	1	From b5beb07ad32ab533027aa988d96a44965ec116f7 Mon Sep 17 00:00:00 2001
	2	From: John Johansen <john.johansen@canonical.com>
	3	Date: Fri, 9 Feb 2018 04:57:39 -0800
	4	Subject: apparmor: fix resource audit messages when auditing peer
	5
	6	From: John Johansen <john.johansen@canonical.com>
	7
	8	commit b5beb07ad32ab533027aa988d96a44965ec116f7 upstream.
	9
	10	Resource auditing is using the peer field which is not available
	11	when the rlim data struct is used, because it is a different element
	12	of the same union. Accessing peer during resource auditing could
	13	cause garbage log entries or even oops the kernel.
	14
	15	Move the rlim data block into the same struct as the peer field
	16	so they can be used together.
	17
	18	CC: <stable@vger.kernel.org>
	19	Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
	20	Signed-off-by: John Johansen <john.johansen@canonical.com>
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22
	23	---
	24	security/apparmor/include/audit.h \| 8 ++++----
	25	1 file changed, 4 insertions(+), 4 deletions(-)
	26
	27	--- a/security/apparmor/include/audit.h
	28	+++ b/security/apparmor/include/audit.h
	29	@@ -126,6 +126,10 @@ struct apparmor_audit_data {
	30	const char *target;
	31	kuid_t ouid;
	32	} fs;
	33	+ struct {
	34	+ int rlim;
	35	+ unsigned long max;
	36	+ } rlim;
	37	int signal;
	38	};
	39	};
	40	@@ -135,10 +139,6 @@ struct apparmor_audit_data {
	41	long pos;
	42	} iface;
	43	struct {
	44	- int rlim;
	45	- unsigned long max;
	46	- } rlim;
	47	- struct {
	48	const char *src_name;
	49	const char *type;
	50	const char *trans;