.39 patches

1 files changed, 38 insertions, 0 deletions

diff --git a/queue-2.6.39/apparmor-fix-oops-in-apparmor_setprocattr.patch b/queue-2.6.39/apparmor-fix-oops-in-apparmor_setprocattr.patch
new file mode 100644
index 0000000000..d00d72ecc9
--- /dev/null
+++ b/queue-2.6.39/apparmor-fix-oops-in-apparmor_setprocattr.patch
@@ -0,0 +1,38 @@
+From a5b2c5b2ad5853591a6cac6134cd0f599a720865 Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees.cook@canonical.com>
+Date: Tue, 31 May 2011 11:31:41 -0700
+Subject: AppArmor: fix oops in apparmor_setprocattr
+
+From: Kees Cook <kees.cook@canonical.com>
+
+commit a5b2c5b2ad5853591a6cac6134cd0f599a720865 upstream.
+
+When invalid parameters are passed to apparmor_setprocattr a NULL deref
+oops occurs when it tries to record an audit message. This is because
+it is passing NULL for the profile parameter for aa_audit. But aa_audit
+now requires that the profile passed is not NULL.
+
+Fix this by passing the current profile on the task that is trying to
+setprocattr.
+
+Signed-off-by: Kees Cook <kees@ubuntu.com>
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/apparmor/lsm.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct t
+ 			sa.aad.op = OP_SETPROCATTR;
+ 			sa.aad.info = name;
+ 			sa.aad.error = -EINVAL;
+-			return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++			return aa_audit(AUDIT_APPARMOR_DENIED,
++					__aa_current_profile(), GFP_KERNEL,
+ 					&sa, NULL);
+ 		}
+ 	} else if (strcmp(name, "exec") == 0) {