Commit e38c55d9 authored by Massimiliano Pellizzer's avatar Massimiliano Pellizzer Committed by John Johansen
Browse files

apparmor: fix memory leak in verify_header 



The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.

Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.

Fixes: dd51c848 ("apparmor: provide base for multiple profiles to be replaced at once")
Reported-by: default avatarQualys Security Advisory <qsa@qualys.com>
Tested-by: default avatarSalvatore Bonaccorso <carnil@debian.org>
Reviewed-by: default avatarGeorgia Garcia <georgia.garcia@canonical.com>
Reviewed-by: default avatarCengiz Can <cengiz.can@canonical.com>
Signed-off-by: default avatarMassimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 9063d7e2

security/apparmor/policy_unpack.c

+0 −1
Original line number Diff line number Diff line
@@ -1419,7 +1419,6 @@ static int verify_header(struct aa_ext *e, int required, const char **ns) 
{

	int error = -EPROTONOSUPPORT;

	const char *name = NULL;

	*ns = NULL;



	/* get the interface version */

	if (!aa_unpack_u32(e, &e->version, "version")) {