linux/security/apparmor
John Johansen f7dc4c9a85 apparmor: fix off-by-one comparison on MAXMAPPED_SIG
This came in yesterday, and I have verified our regression tests
were missing this and it can cause an oops. Please apply.

There is a an off-by-one comparision on sig against MAXMAPPED_SIG
that can lead to a read outside the sig_map array if sig
is MAXMAPPED_SIG. Fix this.

Verified that the check is an out of bounds case that can cause an oops.

Revised: add comparison fix to second case
Fixes: cd1dbf76b2 ("apparmor: add the ability to mediate signals")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-11-08 10:56:22 -08:00
..
include Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
.gitignore Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
apparmorfs.c Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
audit.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
capability.c apparmor: move capability checks to using labels 2017-06-10 17:11:40 -07:00
context.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
crypto.c apparmor: use SHASH_DESC_ON_STACK 2017-04-07 08:58:35 +10:00
domain.c + Features 2017-09-23 05:33:29 -10:00
file.c Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
ipc.c apparmor: fix off-by-one comparison on MAXMAPPED_SIG 2017-11-08 10:56:22 -08:00
Kconfig apparmor: add debug assert AA_BUG and Kconfig to control debug info 2017-01-16 01:18:24 -08:00
label.c apparmor: fix incorrect type assignment when freeing proxies 2017-09-22 13:00:58 -07:00
lib.c Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
lsm.c Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
Makefile License cleanup: add SPDX license identifiers to some files 2017-11-02 10:04:46 -07:00
match.c doc: ReSTify apparmor.txt 2017-05-18 10:32:38 -06:00
mount.c apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
nulldfa.in apparmor: add a default null dfa 2017-01-16 01:18:34 -08:00
path.c apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
policy_ns.c apparmor: ensure unconfined profiles have dfas initialized 2017-09-22 13:00:58 -07:00
policy_unpack.c Revert "apparmor: add base infastructure for socket mediation" 2017-10-26 19:35:35 +02:00
policy.c apparmor: fix race condition in null profile creation 2017-09-22 13:00:58 -07:00
procattr.c apparmor: switch getprocattr to using label_print fns() 2017-06-10 17:11:39 -07:00
resource.c apparmor: move resource checks to using labels 2017-06-10 17:11:40 -07:00
secid.c apparmor: rename sid to secid 2017-01-16 00:42:17 -08:00