lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <0e37939d-e996-4591-939a-a48d0f2a0a2a@canonical.com>
Date: Tue, 10 Sep 2024 16:22:17 -0700
From: John Johansen <john.johansen@...onical.com>
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: Shen Lichuan <shenlichuan@...o.com>, Paul Moore <paul@...l-moore.com>,
 James Morris <jmorris@...ei.org>, apparmor@...ts.ubuntu.com,
 linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
 opensource.kernel@...o.com
Subject: Re: [PATCH v1] security/apparmor: remove duplicate unpacking in
 unpack_perm function

On 9/10/24 13:57, Serge E. Hallyn wrote:
> On Mon, Sep 09, 2024 at 11:57:05PM -0700, John Johansen wrote:
>> On 8/21/24 00:22, Shen Lichuan wrote:
>>> The code was unpacking the 'allow' parameter twice.
>>> This change removes the duplicate part.
>>>
>>> Signed-off-by: Shen Lichuan <shenlichuan@...o.com>
>>
>> NAK, this would break the unpack. The first entry is actually a reserved
>> value and is just being thrown away atm. Instead of double unpacking to
>> perms->allow we could unpack it to a temp variable that just gets discarded
> 
> Heh, I recon this should probably be documented in a comment? :)

yes, definitely.

>>
>>
>>> ---
>>>    security/apparmor/policy_unpack.c | 1 -
>>>    1 file changed, 1 deletion(-)
>>>
>>> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
>>> index 5a570235427d..4ec1e1251012 100644
>>> --- a/security/apparmor/policy_unpack.c
>>> +++ b/security/apparmor/policy_unpack.c
>>> @@ -649,7 +649,6 @@ static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm)
>>>    		return false;
>>>    	return	aa_unpack_u32(e, &perm->allow, NULL) &&
>>> -		aa_unpack_u32(e, &perm->allow, NULL) &&
>>>    		aa_unpack_u32(e, &perm->deny, NULL) &&
>>>    		aa_unpack_u32(e, &perm->subtree, NULL) &&
>>>    		aa_unpack_u32(e, &perm->cond, NULL) &&
>>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ