diff options
author | Christos Gkekas <chris.gekas@gmail.com> | 2017-07-08 20:50:21 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-09-22 13:00:57 -0700 |
commit | 86aea56f14929ff1c05eca1776e9068e907429d5 (patch) | |
tree | a07652c9a5e08fc4a63713d07722240d062f383f | |
parent | 19fe43a54fb67b6cc8857e65c78e1dc8aa2e97a3 (diff) | |
download | op-kernel-dev-86aea56f14929ff1c05eca1776e9068e907429d5.zip op-kernel-dev-86aea56f14929ff1c05eca1776e9068e907429d5.tar.gz |
apparmor: Fix logical error in verify_header()
verify_header() is currently checking whether interface version is less
than 5 *and* greater than 7, which always evaluates to false. Instead it
should check whether it is less than 5 *or* greater than 7.
Signed-off-by: Christos Gkekas <chris.gekas@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r-- | security/apparmor/policy_unpack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 2d5a1a0..bda0dce 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -832,7 +832,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns) * if not specified use previous version * Mask off everything that is not kernel abi version */ - if (VERSION_LT(e->version, v5) && VERSION_GT(e->version, v7)) { + if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) { audit_iface(NULL, NULL, NULL, "unsupported interface version", e, error); return error; |