apparmor: fix fully qualified name parsing
authorJohn Johansen <john.johansen@canonical.com>
Wed, 27 Feb 2013 11:45:05 +0000 (03:45 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Sun, 28 Apr 2013 07:39:37 +0000 (00:39 -0700)
currently apparmor name parsing is only correctly handling
:<NS>:<profile>

but
:<NS>://<profile>

is also a valid form and what is exported to userspace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/lib.c

index d6e1f21..d40bc59 100644 (file)
@@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
                *ns_name = skip_spaces(&name[1]);
                if (split) {
                        /* overwrite ':' with \0 */
-                       *split = 0;
-                       name = skip_spaces(split + 1);
+                       *split++ = 0;
+                       if (strncmp(split, "//", 2) == 0)
+                               split += 2;
+                       name = skip_spaces(split);
                } else
                        /* a ns name without a following profile is allowed */
                        name = NULL;