UBUNTU: SAUCE: apparmor: fix notification header size

jrjohansen · roxanan1996 · commit f69abbd0306c · 2023-10-30T13:08:04.000+01:00
BugLink: https://bugs.launchpad.net/bugs/2040250 When strings are appended to the notification the header size should be updated to reflect the correct size. While the size is also directly returned as part of delivering the notification, the header should also be update to conform to specification and allow for verification. If verification is enabled and the notification contains appended strings then notifications fail verification and won't be delivered. Fixes: 9a3b87d ("UBUNTU: SAUCE: apparmor4.0.0 [64/76]: prompt - rework build to use append fn, to simplify adding strings") Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
diff --git a/security/apparmor/notify.c b/security/apparmor/notify.c
@@ -975,6 +975,9 @@ static long build_v3_unotif(struct aa_knotif *knotif, void __user *buf,
 	if (!build_append_str(buf, pos, max_size, knotif->ad->name,
 			      unotif.file.name, size))
 		return size;
+
+	/* set size after appending strings */
+	unotif.common.len = size;
 	/* now the struct, at the start of user mem */
 	if (copy_to_user(buf, &unotif, sizeof(unotif)))
 		return -EFAULT;
