]>
Commit | Line | Data |
---|---|---|
daaa955e AM |
1 | From 9934296cba701d429a0fc0cf071a40c8c3a1587e Mon Sep 17 00:00:00 2001 |
2 | From: Christos Gkekas <chris.gekas@gmail.com> | |
3 | Date: Sat, 8 Jul 2017 20:50:21 +0100 | |
4 | Subject: [PATCH 03/17] apparmor: Fix logical error in verify_header() | |
5 | ||
6 | verify_header() is currently checking whether interface version is less | |
7 | than 5 *and* greater than 7, which always evaluates to false. Instead it | |
8 | should check whether it is less than 5 *or* greater than 7. | |
9 | ||
10 | Signed-off-by: Christos Gkekas <chris.gekas@gmail.com> | |
11 | Signed-off-by: John Johansen <john.johansen@canonical.com> | |
12 | (cherry picked from commit c54a2175e3a6bf6c697d249bba1aa729e06c7ba8) | |
13 | --- | |
14 | security/apparmor/policy_unpack.c | 2 +- | |
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
16 | ||
17 | diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c | |
18 | index 2d5a1a007b06..bda0dce3b582 100644 | |
19 | --- a/security/apparmor/policy_unpack.c | |
20 | +++ b/security/apparmor/policy_unpack.c | |
21 | @@ -832,7 +832,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns) | |
22 | * if not specified use previous version | |
23 | * Mask off everything that is not kernel abi version | |
24 | */ | |
25 | - if (VERSION_LT(e->version, v5) && VERSION_GT(e->version, v7)) { | |
26 | + if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) { | |
27 | audit_iface(NULL, NULL, NULL, "unsupported interface version", | |
28 | e, error); | |
29 | return error; | |
30 | -- | |
31 | 2.11.0 | |
32 |