apparmor: fail unpack if profile mode is unknown

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Profile unpack should fail if the profile mode is not a mode that the
kernel understands.

Signed-off-by: John Johansen <john.johansen@canonical.com>

John Johansen 6 years ago f05841a9 3ed4aaa9

1 changed file

expand all

security

apparmor

policy_unpack.c

security/apparmor/policy_unpack.c

··· 748 748 goto fail; 749 749 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) 750 750 profile->mode = APPARMOR_COMPLAIN; 751 + else if (tmp == PACKED_MODE_ENFORCE) 752 + profile->mode = APPARMOR_ENFORCE; 751 753 else if (tmp == PACKED_MODE_KILL) 752 754 profile->mode = APPARMOR_KILL; 753 755 else if (tmp == PACKED_MODE_UNCONFINED) 754 756 profile->mode = APPARMOR_UNCONFINED; 757 + else 758 + goto fail; 755 759 if (!unpack_u32(e, &tmp, NULL)) 756 760 goto fail; 757 761 if (tmp)