[PATCH 0/2] Fix AppArmor issues found through static analysis

From: Tyler Hicks
Date: Fri Jul 06 2018 - 01:25:51 EST

Next message: Tyler Hicks: "[PATCH 1/2] apparmor: Check buffer bounds when mapping permissions mask"
Previous message: Mark Rutland: "Re: [PATCH V2 16/19] csky: SMP support"
Next in thread: Tyler Hicks: "[PATCH 1/2] apparmor: Check buffer bounds when mapping permissions mask"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This set fixes three issues, discovered by CoverityScan, that I don't
believe are serious in practice but are worth fixing to make the
AppArmor code more robust and prevent them from becoming more serious
issues in the future. The first patch fixes possible out of bounds
access issues when mapping a permissions mask to a string. The second
fixes an uninitialized struct that could have some of its contents
leaked to userspace during a permissions query.

I've tested the patches with the AppArmor regression test suite. The
test results are the same with and without these patches applied. There
are identical failures, in both situations, from the aa_policy_cache
test but that's likely due to some unrelated, recent changes in the
AppArmor userspace code.

Tyler

Next message: Tyler Hicks: "[PATCH 1/2] apparmor: Check buffer bounds when mapping permissions mask"
Previous message: Mark Rutland: "Re: [PATCH V2 16/19] csky: SMP support"
Next in thread: Tyler Hicks: "[PATCH 1/2] apparmor: Check buffer bounds when mapping permissions mask"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]