]>
Commit | Line | Data |
---|---|---|
37e96ed9 DM |
1 | From 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c Mon Sep 17 00:00:00 2001 |
2 | From: John Johansen <john.johansen@canonical.com> | |
3 | Date: Wed, 27 Feb 2013 03:45:05 -0800 | |
4 | Subject: apparmor: fix fully qualified name parsing | |
5 | ||
6 | currently apparmor name parsing is only correctly handling | |
7 | :<NS>:<profile> | |
8 | ||
9 | but | |
10 | :<NS>://<profile> | |
11 | ||
12 | is also a valid form and what is exported to userspace. | |
13 | ||
14 | Signed-off-by: John Johansen <john.johansen@canonical.com> | |
15 | ||
16 | diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c | |
17 | index d6e1f21..d40bc59 100644 | |
18 | --- a/security/apparmor/lib.c | |
19 | +++ b/security/apparmor/lib.c | |
20 | @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name) | |
21 | *ns_name = skip_spaces(&name[1]); | |
22 | if (split) { | |
23 | /* overwrite ':' with \0 */ | |
24 | - *split = 0; | |
25 | - name = skip_spaces(split + 1); | |
26 | + *split++ = 0; | |
27 | + if (strncmp(split, "//", 2) == 0) | |
28 | + split += 2; | |
29 | + name = skip_spaces(split); | |
30 | } else | |
31 | /* a ns name without a following profile is allowed */ | |
32 | name = NULL; | |
33 | -- | |
34 | cgit v0.10.2 | |
35 |