AppArmor

change_profile's target namespace parsing doesn't work as intended

Bug #1540666 reported by Tyler Hicks on 2016-02-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	Fix Released	Medium	Tyler Hicks

Bug Description

While modifying the change_profile rule parsing logic, I noticed that the
portion that is intended to parse the target profile's namespace is not working
as intended:

parser/parser_yacc.y:
  1525 change_profile: change_profile_head TOK_ARROW opt_ns TOK_ID TOK_END_OF_RULE
  1526 {
  1527 struct cod_entry *entry;
  1528 PDEBUG("Matched change_profile: tok_id (:%s://%s)\n", $3 ? $3 : "", $4);
  1529 entry = new_entry($3, $4, AA_CHANGE_PROFILE, $1);
  1530 if (!entry)
  1531 yyerror(_("Memory allocation error."));
  1532 PDEBUG("change_profile.entry: (%s)\n", entry->name);
  1533 $$ = entry;
  1534 };

$ echo "/t { change_profile /bin/true -> :ns://profile, }" | ./parser/apparmor_parser -qQ
...
parser: Matched change_profile: tok_id (:://:ns://profile)
...

You can see from the PDEBUG() output that NULL is being passed as the first
parameter to new_entry(). I've also verified this through other means.

Tags:

Christian Boltz (cboltz) on 2016-02-01

tags:

added: aa-parser

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2016-02-18:

https://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3377

Changed in apparmor:
status:	In Progress → Fix Committed

Revision history for this message

Christian Boltz (cboltz) wrote on 2017-01-10:

Fixed in AppArmor 2.11

Changed in apparmor:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.