diff options
author | John Johansen <john.johansen@canonical.com> | 2013-02-27 03:45:05 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2013-04-28 00:39:37 -0700 |
commit | 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (patch) | |
tree | e82423fd02f8cb9911b7c39229bd98d754a063ea | |
parent | 3eea57c26e49a5add4c053a031cc2a1977b7c48e (diff) | |
download | op-kernel-dev-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.zip op-kernel-dev-2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c.tar.gz |
apparmor: fix fully qualified name parsing
currently apparmor name parsing is only correctly handling
:<NS>:<profile>
but
:<NS>://<profile>
is also a valid form and what is exported to userspace.
Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r-- | security/apparmor/lib.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index d6e1f21..d40bc592 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name) *ns_name = skip_spaces(&name[1]); if (split) { /* overwrite ':' with \0 */ - *split = 0; - name = skip_spaces(split + 1); + *split++ = 0; + if (strncmp(split, "//", 2) == 0) + split += 2; + name = skip_spaces(split); } else /* a ns name without a following profile is allowed */ name = NULL; |