<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/security/apparmor/match.c, branch v4.11</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>apparmor: fix restricted endian type warnings for dfa unpack</title>
<updated>2017-01-16T09:18:54+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:43:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e6e8bf418850d7958311a96ccfb594f2bcc8313e'/>
<id>e6e8bf418850d7958311a96ccfb594f2bcc8313e</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: add a default null dfa</title>
<updated>2017-01-16T09:18:34+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:42:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=11c236b89d7c26d58c55d5613a858600a4d2ab3a'/>
<id>11c236b89d7c26d58c55d5613a858600a4d2ab3a</id>
<content type='text'>
Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.

This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.

This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: move lib definitions into separate lib include</title>
<updated>2017-01-16T08:42:13+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:42:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=12557dcba21b015f470076da6947e68bc70fff64'/>
<id>12557dcba21b015f470076da6947e68bc70fff64</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: do not expose kernel stack</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>Heinrich Schuchardt</name>
<email>xypron.glpk@gmx.de</email>
</author>
<published>2016-06-10T21:34:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f4ee2def2d70692ccff0d55353df4ee594fd0017'/>
<id>f4ee2def2d70692ccff0d55353df4ee594fd0017</id>
<content type='text'>
Do not copy uninitalized fields th.td_hilen, th.td_data.

Signed-off-by: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Do not copy uninitalized fields th.td_hilen, th.td_data.

Signed-off-by: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: don't check for vmalloc_addr if kvzalloc() failed</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-06-15T06:57:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3197f5adf539a3ee6331f433a51483f8c842f890'/>
<id>3197f5adf539a3ee6331f433a51483f8c842f890</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: add missing id bounds check on dfa verification</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-06-02T09:37:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=15756178c6a65b261a080e21af4766f59cafc112'/>
<id>15756178c6a65b261a080e21af4766f59cafc112</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: reserve and mask off the top 8 bits of the base field</title>
<updated>2013-04-28T07:37:32+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-02-19T00:12:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ed686308c6837ff67f56e4115d0fd6bdc65a4313'/>
<id>ed686308c6837ff67f56e4115d0fd6bdc65a4313</id>
<content type='text'>
The top 8 bits of the base field have never been used, in fact can't
be used, by the current 'dfa16' format.  However they will be used in the
future as flags, so mask them off when using base as an index value.

Note: the use of the top 8 bits, without masking is trapped by the verify
      checks that base entries are within the size bounds.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The top 8 bits of the base field have never been used, in fact can't
be used, by the current 'dfa16' format.  However they will be used in the
future as flags, so mask them off when using base as an index value.

Note: the use of the top 8 bits, without masking is trapped by the verify
      checks that base entries are within the size bounds.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: misc cleanup of match</title>
<updated>2013-04-28T07:36:55+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-02-19T00:08:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=8e4ff109d0d2194d98e9e16325bb4102f6463b43'/>
<id>8e4ff109d0d2194d98e9e16325bb4102f6463b43</id>
<content type='text'>
tidying up comments, includes and defines

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
tidying up comments, includes and defines

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: add kvzalloc to handle zeroing for kvmalloc</title>
<updated>2013-04-28T07:36:09+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-02-19T00:04:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0ca554b9fca425eb58325a36290deef698cef34b'/>
<id>0ca554b9fca425eb58325a36290deef698cef34b</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Steve Beattie &lt;sbeattie@ubuntu.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Steve Beattie &lt;sbeattie@ubuntu.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>AppArmor: Update dfa matching routines.</title>
<updated>2012-03-14T13:15:24+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2012-02-16T14:20:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0fe1212d0539eb6c1e27d388711172d786e299cc'/>
<id>0fe1212d0539eb6c1e27d388711172d786e299cc</id>
<content type='text'>
Update aa_dfa_match so that it doesn't result in an input string being
walked twice (once to get its length and another time to match)

Add a single step functions
  aa_dfa_next

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Update aa_dfa_match so that it doesn't result in an input string being
walked twice (once to get its length and another time to match)

Add a single step functions
  aa_dfa_next

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Kees Cook &lt;kees@ubuntu.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
