mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser
History
Steve Beattie 0fb25b57e3 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor: Fix use after free in regexp parser

 There are two cases of use-after-free in the simply_tree_base code. It
 worked in the past because there aren't any allocations between the
 free and the use, so it was still around.

 With glibc's memory perturbing feature (set _MALLOC_PERTURB to anything),
 the freed memory is poisoned. This causes crashes in e.g. apparmor_parser
 while parsing certain profiles.

 This patch addresses it by saving a pointer to the node to free after
 the node is advanced.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2011-01-07 14:24:24 -08:00
..
libapparmor_re From: Jeff Mahoney <jeffm@suse.com> 2011-01-07 14:24:24 -08:00
pcre Add an 'all' target for the pcre subdir. 2007-03-30 16:30:15 +00:00
po Update translation files 2009-02-07 12:16:03 +00:00
tst Fix two x transition conflict bugs. 2011-01-07 12:46:15 -08:00
apparmor-parser.spec.in clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
apparmor.d.pod add commented, but blank tunables/alias 2010-01-11 14:19:35 -06:00
apparmor.pod update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
apparmor.vim.pod update copyright dates 2007-04-11 08:12:51 +00:00
apparmor_parser.pod Partial merge r1419: add the -p flag to support the output of 2010-07-17 18:39:37 -07:00
COPYING.GPL Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
frob_slack_rc Update keywords attribute, svn:ignore attribute, update Makefile to 2006-04-12 03:09:10 +00:00
immunix.h Fix two x transition conflict bugs. 2011-01-07 12:46:15 -08:00
Makefile Merge from trunk rev 1514: Have the parser makefile honor CFLAGS 2010-10-09 14:19:13 -07:00
parser.h Merge from trunk revs 1495 and 1496: Update how cache validation is 2010-09-15 12:01:21 -07:00
parser_alias.c Allow for a location to alias to multiple locations. Ie. 2010-02-12 13:51:27 -08:00
parser_include.c Merge in r1413 and r1418: report correct filename/line number on errors 2010-06-25 12:58:17 -07:00
parser_include.h Merge in r1413 and r1418: report correct filename/line number on errors 2010-06-25 12:58:17 -07:00
parser_interface.c Much pared down version of trunk commit 1497: fix error checking so that 2010-09-15 09:33:01 -07:00
parser_lex.l Merge from trunk revs 1495 and 1496: Update how cache validation is 2010-09-15 12:01:21 -07:00
parser_main.c When loading without the 2.4 compatibility patch, the parser needs the 2010-09-16 10:13:11 -07:00
parser_merge.c update for ptrace rules 2008-04-09 23:56:31 +00:00
parser_misc.c Add some unit tests for processunquoted() -- sadly it handles octals 2010-03-08 20:38:54 -08:00
parser_policy.c Add 64bit capabilities 2009-08-20 15:27:12 +00:00
parser_regex.c Update aliases so that they apply properly to profile names. 2010-02-12 13:49:58 -08:00
parser_symtab.c * fix a few more memory leaks 2009-07-24 13:24:53 +00:00
parser_variable.c cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
parser_yacc.y Cherry picked elements from trunk commit 1437: fix serious compiler 2010-09-15 10:24:55 -07:00
rc.aaeventd.redhat clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
rc.aaeventd.suse Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
rc.apparmor.debian fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.functions include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
rc.apparmor.redhat fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.slackware fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.suse fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
README Kill some bogus readme text 2007-04-25 20:50:21 +00:00
subdomain.conf Update keywords attribute, svn:ignore attribute, update Makefile to 2006-04-12 03:09:10 +00:00
subdomain.conf.pod update copyright dates 2007-04-11 08:12:51 +00:00
techdoc.tex Move the techdoc to the apparmor-parser package. 2007-04-12 06:01:40 +00:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at
<http://forge.novell.com/modules/xfmod/project/?apparmor>.

Please send all complaints, bug reports, feature requests, rants about the
software, and questions to apparmor-general@forge.novell.com. Security
issues should be directed to security@suse.de or secure@novell.com,
where we will attempt to conform to the RFP vulnerability disclosure
protocol: http://www.wiretrip.net/rfp/policy.html

The parser uses the PCRE (Perl Compatible Regular Expression) engine,
which was written by Philip Hazel and is copyright by the University
of Cambridge, England. For more information on the PCRE engine, see
<ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/>

Thanks.

-- The AppArmor development team