mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-27 12:21:22 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
aff426f35966e6e77ecfe065984344a7d834eaa9
linux/security/apparmor
History
John Johansen aff426f359 apparmor: mitigate parser generating large xtables 
Some versions of the parser are generating an xtable transition per
state in the state machine, even when the state machine isn't using
the transition table.

The parser bug is triggered by
commit 2e12c5f060 ("apparmor: add additional flags to extended permission.")

In addition to fixing this in userspace, mitigate this in the kernel
as part of the policy verification checks by detecting this situation
and adjusting to what is actually used, or if not used at all freeing
it, so we are not wasting unneeded memory on policy.

Fixes: 2e12c5f060 ("apparmor: add additional flags to extended permission.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-07-15 22:39:07 -07:00
..
include
apparmor: mitigate parser generating large xtables
2025-07-15 22:39:07 -07:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
af_unix.c
apparmor: gate make fine grained unix mediation behind v9 abi
2025-01-18 06:47:13 -08:00
apparmorfs.c
apparmor: fix typos and spelling errors
2025-02-10 11:17:49 -08:00
audit.c
apparmor: add support for profiles to define the kill signal
2025-01-18 06:47:12 -08:00
capability.c
apparmor: add ability to mediate caps with policy state machine
2025-01-18 06:47:12 -08:00
crypto.c
apparmor: use SHA-256 library API instead of crypto_shash API
2025-05-17 01:42:01 -07:00
domain.c
apparmor: force auditing of conflicting attachment execs from confined
2025-05-25 20:15:01 -07:00
file.c
apparmor: Remove unused variable 'sock' in __file_sock_perm()
2025-02-10 11:18:45 -08:00
ipc.c
apparmor: switch signal mediation to use RULE_MEDIATES
2025-01-18 06:47:12 -08:00
Kconfig
apparmor: use SHA-256 library API instead of crypto_shash API
2025-05-17 01:42:01 -07:00
label.c
apparmor: fix typos and spelling errors
2025-02-10 11:17:49 -08:00
lib.c
apparmor: mitigate parser generating large xtables
2025-07-15 22:39:07 -07:00
lsm.c
apparmor: fix typos and spelling errors
2025-02-10 11:17:49 -08:00
Makefile
apparmor: make all generated string array headers const char *const
2025-05-25 20:15:01 -07:00
match.c
apparmor: fix loop detection used in conflicting attachment resolution
2025-05-25 20:14:53 -07:00
mount.c
apparmor: take nosymfollow flag into account
2024-07-24 10:33:58 -07:00
net.c
apparmor: add fine grained af_unix mediation
2025-01-18 06:47:12 -08:00
nulldfa.in
apparmor: cleanup add proper line wrapping to nulldfa.in
2018-02-09 11:30:01 -08:00
path.c
apparmor: Use IS_ERR_OR_NULL() helper function
2024-11-26 19:21:05 -08:00
policy_compat.c
apparmor: add additional flags to extended permission.
2025-01-18 06:47:12 -08:00
policy_ns.c
apparmor: Improve debug print infrastructure
2025-01-18 06:47:11 -08:00
policy_unpack_test.c
apparmor: test: Fix memory leak for aa_unpack_strdup()
2024-11-26 19:21:05 -08:00
policy_unpack.c
apparmor: mitigate parser generating large xtables
2025-07-15 22:39:07 -07:00
policy.c
apparmor: fix typos and spelling errors
2025-02-10 11:17:49 -08:00
procattr.c
apparmor: Improve debug print infrastructure
2025-01-18 06:47:11 -08:00
resource.c
apparmor: pass cred through to audit info.
2023-10-18 15:30:38 -07:00
secid.c
apparmor: Remove deadcode
2024-11-26 19:21:05 -08:00
stacksplitdfa.in
apparmor: use the dfa to do label parse string splitting
2018-02-09 11:30:01 -08:00
task.c
apparmor: add missing params to aa_may_ptrace kernel-doc comments
2023-11-19 01:19:41 -08:00