author John Johansen <john.johansen@canonical.com> 2010-11-01 18:16:54 -0400
committer John Rigby <john.rigby@linaro.org> 2011-10-17 02:33:27 -0600
commit 7255b38de44bb13e1070e0fc1705825a32886337 (patch)
tree 89e0f010014e702559b5fa3ca00a7fa500f65888 /security
parent 5f889f6d807cc090deb6f53c2554f24d60525358 (diff)
UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.
The unpacking of network rules, unpacks 1 more rule than it should. It should drop all rules with network types AF_MAX or greater.

Fix suggested by Tetsuo Handa in
https://lists.ubuntu.com/archives/kernel-team/2010-November/013327.html

Reported-by: Tetsuo Handa <from-ubuntu@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- security/apparmor/policy_unpack.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index f78370bf801..f4874c4cd73 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
/* discard extraneous rules that this kernel will
* never request
*/
- if (i > AF_MAX) {
+ if (i >= AF_MAX) {
u16 tmp;
if (!unpack_u16(e, &tmp, NULL) ||
!unpack_u16(e, &tmp, NULL) ||
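Review bot: The comment above the changed test `if (i >= AF_MAX)` still says only that these are rules "this kernel will never request", so it does not record that index AF_MAX itself must be discarded or why. The store that runs when the test is false is outside this hunk; if it writes into per-family tables with AF_MAX entries, the old `i > AF_MAX` test let the entry at i == AF_MAX land one element past the end, and the commit message's "unpacks 1 more rule than it should" understates that. Please confirm the table sizes against this bound and extend the comment to say that valid indices are 0 to AF_MAX - 1, so the boundary is not loosened again in a later cleanup. It would also help to state in the commit message whether a loaded policy with more than AF_MAX entries could reach the extra store, since that decides whether the fix needs backporting as a memory-safety fix rather than a correctness one.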