UBUNTU: SAUCE: AppArmor: Fix unpack of network tables.
author John Johansen <john.johansen@canonical.com>
Mon, 1 Nov 2010 22:16:54 +0000 (18:16 -0400)
committer Leann Ogasawara <leann.ogasawara@canonical.com>
Mon, 28 Mar 2011 13:50:04 +0000 (06:50 -0700)
The unpacking of network rules unpacks 1 more rule than it should.  It
should drop all rules with network types AF_MAX or greater.

Fix suggested by Tetsuo Handa in
https://lists.ubuntu.com/archives/kernel-team/2010-November/013327.html

Reported-by: Tetsuo Handa <from-ubuntu@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

security/apparmor/policy_unpack.c

index c2b6225..d8ab6d3 100644 (file)
@@ -580,7 +580,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
                        /* discard extraneous rules that this kernel will
                         * never request
                         */
-                       if (i > AF_MAX) {
+                       if (i >= AF_MAX) {
                                u16 tmp;
                                if (!unpack_u16(e, &tmp, NULL) ||
                                    !unpack_u16(e, &tmp, NULL) ||
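
Review bot: The comment above `if (i >= AF_MAX)` only says these are rules "this kernel will never request" and does not name the boundary; it should state that families 0 to AF_MAX - 1 are kept and that index AF_MAX itself is discarded, so the intent of `>=` is visible at the check. The branch that stores the kept entries is outside the visible context, so confirm that whatever it writes into is sized for AF_MAX entries, and say in the commit message what the old `>` did with entry AF_MAX (wrote it past the end of a table, or only kept an unused rule), since that decides whether this is a memory-safety fix that needs backporting. The discard path reads into `tmp` with `unpack_u16(e, &tmp, NULL)` and the condition continues past the last visible line, so also check that a failed read there fails the whole unpack rather than leaving the stream position out of step.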