mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Prevent crash caused by serialize_profile_from_old_profile()

Browse source 
If a profile file contains multiple profiles and one of those profiles
contains a rule managed by a *Ruleset class,
serialize_profile_from_old_profile() crashes with an AttributeError.

This happens because profile_data / write_prof_data contain only one
profile with its hats, which explodes if a file contains multiple
profiles, as reported in lp#1528139

Fixing this would need lots of
    write_prof_data[hat] -> write_prof_data[profile][hat]
changes (and of course also a change in the calling code) or, better
option, a full rewrite of serialize_profile_from_old_profile().

Unfortunately I don't have the time to do the rewrite at the moment (I
have other things on my TODO list), and changing write_prof_data[hat] ->
write_prof_data[profile][hat] is something that might introduce more
breakage, so I'm not too keen to do that.

Therefore this patch wraps the serialize_profile_from_old_profile() call
in try/except. If it fails, the diff will include an error message and
recommend to use 'View Changes b/w (C)lean profiles' instead, which is
known to work.

Note: I know using an error message as 'newprofile' isn't an usual way
to display an error message, but I found it more intuitive than
displaying it as a warning (without $PAGER).


References: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139



Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10
This commit is contained in:
Christian Boltz 2016-02-20 13:33:17 +01:00
parent 458f696f8e
commit 61ee9623c5
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
utils/apparmor/aa.py
View file

@ -2284,7 +2284,12 @@ def save_profiles():
oldprofile = aa[which][which]['filename']
else:
oldprofile = get_profile_filename(which)
newprofile = serialize_profile_from_old_profile(aa[which], which, '')
try:
newprofile = serialize_profile_from_old_profile(aa[which], which, '')
except AttributeError:
# see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139
newprofile = "###\n###\n### Internal error while generating diff, please use '%s' instead\n###\n###\n" % _('View Changes b/w (C)lean profiles')
display_changes_with_comments(oldprofile, newprofile)
@ -3604,6 +3609,11 @@ def serialize_profile_from_old_profile(profile_data, name, options):
write_filelist = deepcopy(filelist[prof_filename])
write_prof_data = deepcopy(profile_data)
# XXX profile_data / write_prof_data contain only one profile with its hats
# XXX this will explode if a file contains multiple profiles, see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139
# XXX fixing this needs lots of write_prof_data[hat] -> write_prof_data[profile][hat] changes (and of course also a change in the calling code)
# XXX (the better option is a full rewrite of serialize_profile_from_old_profile())
if options: # and type(options) == dict:
if options.get('METADATA', False):
include_metadata = True