mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
bc492533cc
Hasher causes some fun in aa-mergeprof: If the profile in
/etc/apparmor.d/ has a hat or subprofile that doesn't exist in the
to-be-merged profile, aa-mergeprof crashes. This is caused by reading
self.other.aa[program][hat]['include'] which accidently "creates" that
profile inside the aa hasher as empty hasher (instead of ProfileStorage).
Later, the code loops over self.other.aa[profile].keys(), expects
everything to be ProfileStorage, and explodes [1] when for example
trying to run .delete_duplicates on the hasher (which obviously doesn't
provide this method).
This patch adds checks to all self.other.aa accesses in
CleanProf.remove_duplicate_rules() to avoid accidently creating new keys
in the hasher.
Interestingly this bug survived unnoticed for years (at least since
2.11).
[1] last lines of the backtrace:
File ".../utils/apparmor/cleanprofile.py", line 42, in compare_profiles
deleted += self.remove_duplicate_rules(profile)
File ".../utils/apparmor/cleanprofile.py", line 65, in remove_duplicate_rules
deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
File ".../utils/apparmor/aa.py", line 1680, in delete_duplicates
deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
AttributeError: 'collections.defaultdict' object has no attribute 'delete_duplicates'
|
||
|---|---|---|
| .. | ||
| rule | ||
| __init__.py | ||
| aa.py | ||
| aamode.py | ||
| aare.py | ||
| cleanprofile.py | ||
| common.py | ||
| config.py | ||
| easyprof.py | ||
| fail.py | ||
| logparser.py | ||
| profile_storage.py | ||
| regex.py | ||
| rules.py | ||
| sandbox.py | ||
| severity.py | ||
| tools.py | ||
| translations.py | ||
| ui.py | ||