]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 15021f3)
apparmor: check that xindex is in trans_table bounds
authorJohn Johansen <john.johansen@canonical.com>
Thu, 17 Mar 2016 19:02:54 +0000 (12:02 -0700)
committerJiri Slaby <jslaby@suse.cz>
Fri, 27 Jan 2017 10:16:11 +0000 (11:16 +0100)
commit 23ca7b640b4a55f8747301b6bd984dd05545f6a7 upstream.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
security/apparmor/policy_unpack.c patch | blob | blame | history

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index a689f10930b5e825c4da751508e274d8715ef2b5..c841b1268a84999d99dff1102aca1809c842299b 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -676,7 +676,7 @@ static bool verify_xindex(int xindex, int table_size)
        int index, xtype;
        xtype = xindex & AA_X_TYPE_MASK;
        index = xindex & AA_X_INDEX_MASK;
-       if (xtype == AA_X_TABLE && index > table_size)
+       if (xtype == AA_X_TABLE && index >= table_size)
                return 0;
        return 1;
 }
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git