0003-apparmor-Fix-logical-error-in-verify_header.patch

   1 From 9934296cba701d429a0fc0cf071a40c8c3a1587e Mon Sep 17 00:00:00 2001
   2 From: Christos Gkekas <chris.gekas@gmail.com>
   3 Date: Sat, 8 Jul 2017 20:50:21 +0100
   4 Subject: [PATCH 03/17] apparmor: Fix logical error in verify_header()
   5
   6 verify_header() is currently checking whether interface version is less
   7 than 5 *and* greater than 7, which always evaluates to false. Instead it
   8 should check whether it is less than 5 *or* greater than 7.
   9
  10 Signed-off-by: Christos Gkekas <chris.gekas@gmail.com>
  11 Signed-off-by: John Johansen <john.johansen@canonical.com>
  12 (cherry picked from commit c54a2175e3a6bf6c697d249bba1aa729e06c7ba8)
  13 ---
  14  security/apparmor/policy_unpack.c | 2 +-
  15  1 file changed, 1 insertion(+), 1 deletion(-)
  16
  17 diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
  18 index 2d5a1a007b06..bda0dce3b582 100644
  19 --- a/security/apparmor/policy_unpack.c
  20 +++ b/security/apparmor/policy_unpack.c
  21 @@ -832,7 +832,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
  22          * if not specified use previous version
  23          * Mask off everything that is not kernel abi version
  24          */
  25 -       if (VERSION_LT(e->version, v5) && VERSION_GT(e->version, v7)) {
  26 +       if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) {
  27                 audit_iface(NULL, NULL, NULL, "unsupported interface version",
  28                             e, error);
  29                 return error;
  30 --
  31 2.11.0
  32