apparmor-02-fix-fully-qualified-name-parsing.patch

   1 From 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c Mon Sep 17 00:00:00 2001
   2 From: John Johansen <john.johansen@canonical.com>
   3 Date: Wed, 27 Feb 2013 03:45:05 -0800
   4 Subject: apparmor: fix fully qualified name parsing
   5
   6 currently apparmor name parsing is only correctly handling
   7 :<NS>:<profile>
   8
   9 but
  10 :<NS>://<profile>
  11
  12 is also a valid form and what is exported to userspace.
  13
  14 Signed-off-by: John Johansen <john.johansen@canonical.com>
  15
  16 diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
  17 index d6e1f21..d40bc59 100644
  18 --- a/security/apparmor/lib.c
  19 +++ b/security/apparmor/lib.c
  20 @@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
  21                 *ns_name = skip_spaces(&name[1]);
  22                 if (split) {
  23                         /* overwrite ':' with \0 */
  24 -                       *split = 0;
  25 -                       name = skip_spaces(split + 1);
  26 +                       *split++ = 0;
  27 +                       if (strncmp(split, "//", 2) == 0)
  28 +                               split += 2;
  29 +                       name = skip_spaces(split);
  30                 } else
  31                         /* a ns name without a following profile is allowed */
  32                         name = NULL;
  33 --
  34 cgit v0.10.2
  35