* [PATCH security] apparmor: fix logical error in signal range validation
@ 2025-01-21 10:11 Dheeraj Reddy Jonnalagadda
0 siblings, 0 replies; only message in thread
From: Dheeraj Reddy Jonnalagadda @ 2025-01-21 10:11 UTC (permalink / raw)
To: john.johansen, apparmor
Cc: paul, jmorris, serge, linux-security-module, linux-kernel,
Dheeraj Reddy Jonnalagadda
Fix logically impossible condition in unpack_profile() that made the
signal validation code unreachable. The function was using && instead
of || when checking if the signal value is outside the valid range,
making it impossible for both conditions to be true simultaneously.
Update the condition to ensure proper range validation.
Fixes: 84c455decf27 ("apparmor: add support for profiles to define the kill signal")
Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com>
---
security/apparmor/policy_unpack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 73139189df0f..e643514a3d92 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -919,7 +919,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
/* optional */
(void) aa_unpack_u32(e, &profile->signal, "kill");
- if (profile->signal < 1 && profile->signal > MAXMAPPED_SIG) {
+ if (profile->signal < 1 || profile->signal > MAXMAPPED_SIG) {
info = "profile kill.signal invalid value";
goto fail;
}
--
2.34.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2025-01-21 10:11 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-21 10:11 [PATCH security] apparmor: fix logical error in signal range validation Dheeraj Reddy Jonnalagadda
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.