Commit 57ad1701 authored by John Johansen's avatar John Johansen Committed by Willy Tarreau

apparmor: check that xindex is in trans_table bounds

commit 23ca7b64 upstream.
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 8b201a9c
...@@ -652,7 +652,7 @@ static bool verify_xindex(int xindex, int table_size) ...@@ -652,7 +652,7 @@ static bool verify_xindex(int xindex, int table_size)
int index, xtype; int index, xtype;
xtype = xindex & AA_X_TYPE_MASK; xtype = xindex & AA_X_TYPE_MASK;
index = xindex & AA_X_INDEX_MASK; index = xindex & AA_X_INDEX_MASK;
if (xtype == AA_X_TABLE && index > table_size) if (xtype == AA_X_TABLE && index >= table_size)
return 0; return 0;
return 1; return 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment