summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-02-27 03:45:05 -0800
committerJohn Johansen <john.johansen@canonical.com>2013-04-28 00:39:37 -0700
commit2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (patch)
treee82423fd02f8cb9911b7c39229bd98d754a063ea
parent3eea57c26e49a5add4c053a031cc2a1977b7c48e (diff)
downloadop-kernel-dev-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.zip
op-kernel-dev-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.tar.gz
apparmor: fix fully qualified name parsing
currently apparmor name parsing is only correctly handling :<NS>:<profile> but :<NS>://<profile> is also a valid form and what is exported to userspace. Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/lib.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index d6e1f21..d40bc592 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
*ns_name = skip_spaces(&name[1]);
if (split) {
/* overwrite ':' with \0 */
- *split = 0;
- name = skip_spaces(split + 1);
+ *split++ = 0;
+ if (strncmp(split, "//", 2) == 0)
+ split += 2;
+ name = skip_spaces(split);
} else
/* a ns name without a following profile is allowed */
name = NULL;
OpenPOWER on IntegriCloud