diff options
| author | John Johansen <john.johansen@canonical.com> | 2018-06-26 20:19:19 -0700 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2018-07-10 22:06:02 -0700 |
| commit | 45ff74bd5a009ab8f9648531fa11fce55b9a67fd (patch) | |
| tree | fad971b9e997a1c3568cbcd4feeb01dc8cec75e5 | |
| parent | 1aae75e96831bb26d1ced782c633c39c877c252f (diff) | |
| download | linux-apparmor-4.17-outoftree-net-compat.tar.gz | |
apparmor: fix use after free in sk_peer_label4.17-outoftree-net-compat
BugLink: http://bugs.launchpad.net/bugs/1778646
Signed-off-by: John Johansen <john.johansen@canonical.com>
| -rw-r--r-- | security/apparmor/lsm.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7a6b1bd8e046ed..0d2925389947f4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1125,9 +1125,10 @@ static struct aa_label *sk_peer_label(struct sock *sk) { struct sock *peer_sk; struct aa_sk_ctx *ctx = SK_CTX(sk); + struct aa_label *label = ERR_PTR(-ENOPROTOOPT); if (ctx->peer) - return ctx->peer; + return aa_get_label(ctx->peer); if (sk->sk_family != PF_UNIX) return ERR_PTR(-ENOPROTOOPT); @@ -1135,14 +1136,15 @@ static struct aa_label *sk_peer_label(struct sock *sk) /* check for sockpair peering which does not go through * security_unix_stream_connect */ - peer_sk = unix_peer(sk); + peer_sk = unix_peer_get(sk); if (peer_sk) { ctx = SK_CTX(peer_sk); if (ctx->label) - return ctx->label; + label = aa_get_label(ctx->label); + sock_put(peer_sk); } - return ERR_PTR(-ENOPROTOOPT); + return label; } /** @@ -1186,6 +1188,7 @@ out: } + aa_put_label(peer); done: end_current_label_crit_section(label); |