apparmor: fix fully qualified name parsing

currently apparmor name parsing is only correctly handling :<NS>:<profile> but :<NS>://<profile> is also a valid form and what is exported to userspace. Signed-off-by: John Johansen <john.johansen@canonical.com>
mariux64 · Apr 28, 2013 · 2654bfb · 2654bfb
1 parent 3eea57c
commit 2654bfb
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
@@ -45,8 +45,10 @@ char *aa_split_fqname(char *fqname, char **ns_name)
 		*ns_name = skip_spaces(&name[1]);
 		if (split) {
 			/* overwrite ':' with \0 */
-			*split = 0;
-			name = skip_spaces(split + 1);
+			*split++ = 0;
+			if (strncmp(split, "//", 2) == 0)
+				split += 2;
+			name = skip_spaces(split);
 		} else
 			/* a ns name without a following profile is allowed */
 			name = NULL;