Received: by 10.223.164.202 with SMTP id h10csp1692319wrb; Wed, 8 Nov 2017 08:11:18 -0800 (PST) X-Google-Smtp-Source: ABhQp+RjvwOXyacnIR+MqB0/KOE6i/B5ncsPZrh89iQJH7a3xguzritxbnH8+m6aQBtx7kvrI/Kd X-Received: by 10.98.233.21 with SMTP id j21mr996288pfh.97.1510157478214; Wed, 08 Nov 2017 08:11:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510157478; cv=none; d=google.com; s=arc-20160816; b=fGNrgQ4NsyjZ7PMJS7ugQ4509v30v21czSDz/NUA1PK8vktLFxfsWgvyzla8qlxiK6 KqgzIge7uIjktQCODwerRRv3s+J62Y3TheFwbGi+4yD3lCS/ci12qakAjv9A6usjkvfR jIvyRQP/mPu9PV+VhqiBPaPeh7tEvRWrfngtvApdjC69lrx6vgiNjpcbYoaWbFJUhzhQ CKjJjpjO+DewxwZCRpz/zgD47HpJyI5+idu/VDyFIshXshW3zD4sd4L+yO9r6YdoP6rZ 92QJHfZvafZjl3IMQ7OvMXy7pAmv3wlKwafQMMs0fikhy+4MjguC30GRFlAd8z6JmlAe Ph9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id :organization:subject:from:cc:to:arc-authentication-results; bh=MDGQPjm4Af4ZRN9e7/++Qjll07NPYYXpH7duaUc5oj4=; b=sridxx5TK6qXTroy5rkCZQi8lhv405emJyRlOtV7m9gYo6kmkEEG2OdF/hDJd3HyH9 RhkIKTI7o7do9kUGLYQbUaF7luS79uhKhWt0xtbHcoFfMN6+OuHS3FampfIk8i84JEHf jTDC0mySA/LG4RXP/rUDFwQ4n+wIbMaZwPV2CvbBADh97R5TbjIEcbKjOk2F9zwr4qdq jyY+Ikgb067goXzEs61O2sDDV0gNh5MGGyPSyElcJ1TpZUfkkMbIvbDDZD2oqBPvVo2E zUG2VMeyB4cnRB9J+hx3xF5tPU1bydVmtksFlk1OTzSK38ukLy+sQ26F6HWgRU6nzir4 Zc2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si4022606plb.382.2017.11.08.08.11.06; Wed, 08 Nov 2017 08:11:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752738AbdKHQJ5 (ORCPT + 83 others); Wed, 8 Nov 2017 11:09:57 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:35534 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751963AbdKHQJ4 (ORCPT ); Wed, 8 Nov 2017 11:09:56 -0500 Received: from static-50-53-35-55.bvtn.or.frontiernet.net ([50.53.35.55] helo=[192.168.192.153]) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eCSvK-0001Q2-VK; Wed, 08 Nov 2017 16:09:55 +0000 To: Linus Torvalds Cc: LKLM , Colin Ian King From: John Johansen Subject: [PATCH] apparmor: fix off-by-one comparison on MAXMAPPED_SIG Organization: Canonical Message-ID: Date: Wed, 8 Nov 2017 08:09:52 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This came in yesterday, and I have verified our regression tests were missing this and it can cause an oops. Please apply. There is a an off-by-one comparision on sig against MAXMAPPED_SIG that can lead to a read outside the sig_map array if sig is MAXMAPPED_SIG. Fix this. Verified that the check is an out of bounds case that can cause an oops. Revised: add comparison fix to second case Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals") Signed-off-by: Colin Ian King Signed-off-by: John Johansen --- security/apparmor/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c index 66fb9ede9447..7ca0032e7ba9 100644 --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -128,7 +128,7 @@ static inline int map_signal_num(int sig) return SIGUNKNOWN; else if (sig >= SIGRTMIN) return sig - SIGRTMIN + 128; /* rt sigs mapped to 128 */ - else if (sig <= MAXMAPPED_SIG) + else if (sig < MAXMAPPED_SIG) return sig_map[sig]; return SIGUNKNOWN; } @@ -163,7 +163,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va) audit_signal_mask(ab, aad(sa)->denied); } } - if (aad(sa)->signal <= MAXMAPPED_SIG) + if (aad(sa)->signal < MAXMAPPED_SIG) audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]); else audit_log_format(ab, " signal=rtmin+%d", -- 2.11.0 From 1583526399047350964@xxx Wed Nov 08 19:14:16 +0000 2017 X-GM-THRID: 1583526399047350964 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread