apparmor: fix logical error in signal range validation

[PATCH security] apparmor: fix logical error in signal range validation

Dheeraj Reddy Jonnalagadda posted 1 patch 11 months ago

Download mbox

security/apparmor/policy_unpack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH security] apparmor: fix logical error in signal range validation

Posted by Dheeraj Reddy Jonnalagadda 11 months ago

Fix logically impossible condition in unpack_profile() that made the
signal validation code unreachable. The function was using && instead
of || when checking if the signal value is outside the valid range,
making it impossible for both conditions to be true simultaneously.

Update the condition to ensure proper range validation.

Fixes: 84c455decf27 ("apparmor: add support for profiles to define the kill signal")
Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@gmail.com>
---
 security/apparmor/policy_unpack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 73139189df0f..e643514a3d92 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -919,7 +919,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
 
 	/* optional */
 	(void) aa_unpack_u32(e, &profile->signal, "kill");
-	if (profile->signal < 1 && profile->signal > MAXMAPPED_SIG) {
+	if (profile->signal < 1 || profile->signal > MAXMAPPED_SIG) {
 		info = "profile kill.signal invalid value";
 		goto fail;
 	}
-- 
2.34.1