summaryrefslogtreecommitdiff
path: root/security/apparmor
diff options
context:
space:
mode:
authorChristos Gkekas <chris.gekas@gmail.com>2017-07-08 20:50:21 +0100
committerJohn Johansen <john.johansen@canonical.com>2017-09-22 13:00:57 -0700
commit86aea56f14929ff1c05eca1776e9068e907429d5 (patch)
treea07652c9a5e08fc4a63713d07722240d062f383f /security/apparmor
parent19fe43a54fb67b6cc8857e65c78e1dc8aa2e97a3 (diff)
apparmor: Fix logical error in verify_header()
verify_header() is currently checking whether interface version is less than 5 *and* greater than 7, which always evaluates to false. Instead it should check whether it is less than 5 *or* greater than 7. Signed-off-by: Christos Gkekas <chris.gekas@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/policy_unpack.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 2d5a1a007b06..bda0dce3b582 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -832,7 +832,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
* if not specified use previous version
* Mask off everything that is not kernel abi version
*/
- if (VERSION_LT(e->version, v5) && VERSION_GT(e->version, v7)) {
+ if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) {
audit_iface(NULL, NULL, NULL, "unsupported interface version",
e, error);
return error;