From: John Johansen <john.johansen@canonical.com>
Date: Sun, 25 Sep 2022 05:34:07 +0000 (-0700)
Subject: apparmor: Remove unnecessary size check when unpacking trans_table
X-Git-Tag: v6.2-rc1~86^2~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=73c7e91c8bc98a5da94be62a9a4ba2793f86a97b;p=thirdparty%2Fkernel%2Flinux.git

apparmor: Remove unnecessary size check when unpacking trans_table

The index into the trans_table has a max size of 2^24 bits which the
code was testing but this is unnecessary as unpack_array can only
unpack a table of 2^16 bits in size so the table unpacked will never
be larger than what can be indexed, and any test here is redundant.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index ac9955ef5d4a7..6deaeecb76feb 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -484,9 +484,13 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_str_table *strs)
 		u16 size;
 		int i;
 
-		if (unpack_array(e, NULL, &size) != TRI_TRUE ||
-		    size > (1 << 24))
-		  /* currently 2^24 bits entries 0-3 */
+		if (unpack_array(e, NULL, &size) != TRI_TRUE)
+			/*
+			 * Note: index into trans table array is a max
+			 * of 2^24, but unpack array can only unpack
+			 * an array of 2^16 in size atm so no need
+			 * for size check here
+			 */
 			goto fail;
 		table = kcalloc(size, sizeof(char *), GFP_KERNEL);
 		if (!table)