.38 patches

diff --git a/queue-2.6.38/apparmor-fix-oops-in-apparmor_setprocattr.patch b/queue-2.6.38/apparmor-fix-oops-in-apparmor_setprocattr.patch
new file mode 100644 (file)
index 0000000..1311921
--- /dev/null
+++ b/queue-2.6.38/apparmor-fix-oops-in-apparmor_setprocattr.patch
@@ -0,0 +1,38 @@
+From a5b2c5b2ad5853591a6cac6134cd0f599a720865 Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees.cook@canonical.com>
+Date: Tue, 31 May 2011 11:31:41 -0700
+Subject: AppArmor: fix oops in apparmor_setprocattr
+
+From: Kees Cook <kees.cook@canonical.com>
+
+commit a5b2c5b2ad5853591a6cac6134cd0f599a720865 upstream.
+
+When invalid parameters are passed to apparmor_setprocattr a NULL deref
+oops occurs when it tries to record an audit message. This is because
+it is passing NULL for the profile parameter for aa_audit. But aa_audit
+now requires that the profile passed is not NULL.
+
+Fix this by passing the current profile on the task that is trying to
+setprocattr.
+
+Signed-off-by: Kees Cook <kees@ubuntu.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/apparmor/lsm.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -592,7 +592,8 @@ static int apparmor_setprocattr(struct t
+                       sa.aad.op = OP_SETPROCATTR;
+                       sa.aad.info = name;
+                       sa.aad.error = -EINVAL;
+-                      return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++                      return aa_audit(AUDIT_APPARMOR_DENIED,
++                                      __aa_current_profile(), GFP_KERNEL,
+                                       &sa, NULL);
+               }
+       } else if (strcmp(name, "exec") == 0) {