| Message ID | 20250121101138.116675-1-dheeraj.linuxdev@gmail.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [security] apparmor: fix logical error in signal range validation | expand |
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 73139189df0f..e643514a3d92 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -919,7 +919,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) /* optional */ (void) aa_unpack_u32(e, &profile->signal, "kill"); - if (profile->signal < 1 && profile->signal > MAXMAPPED_SIG) { + if (profile->signal < 1 || profile->signal > MAXMAPPED_SIG) { info = "profile kill.signal invalid value"; goto fail; }
Fix logically impossible condition in unpack_profile() that made the signal validation code unreachable. The function was using && instead of || when checking if the signal value is outside the valid range, making it impossible for both conditions to be true simultaneously. Update the condition to ensure proper range validation. Fixes: 84c455decf27 ("apparmor: add support for profiles to define the kill signal") Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com> --- security/apparmor/policy_unpack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)