On 8/22/24 15:53, Ryan Lee wrote:
I just realized that I forgot to add sign off on my patch, so I'm
resending it with the Signed-off-by line added.

On Wed, Aug 21, 2024 at 11:12 AM Ryan Lee <ryan....@canonical.com> wrote:

After further analysis, the root cause turned out to be the xmatch not
being set up properly when allocating a null profile for learning in
complain mode. Thus, I am withdrawing the above patch and instead
attaching a new patch that does this setup in aa_alloc_null.

Ryan

On Mon, Aug 19, 2024 at 1:05 PM Ryan Lee <ryan....@canonical.com> wrote:

find_attach loops over profile entries and first checks for a DFA, falling
back onto a strcmp otherwise. However, the check if (attach->xmatch->dfa)
did not account for the possibility that (attach->xmatch) could be null.
This occurred with a sequence of profile replacements that resulted in a
kernel BUG print due to the null pointer dereference.

To avoid this issue, first check that (attach->xmatch) is not null.

The one-line patch is attached to the email.

Ryan

this has been applied to the apparmor tree

thanks

