git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
apparmor: return error on namespace mismatch in verify_header
author: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Tue, 20 Jan 2026 14:24:05 +0000 (15:24 +0100)
committer: John Johansen <john.johansen@canonical.com>
Tue, 24 Feb 2026 04:58:07 +0000 (20:58 -0800)
When profiles in a multi-profile load specify different namespaces,
the audit record is generated but execution continues, causing the
function to return success. This violates the load requirement that
all profiles must target the same namespace.

Add the missing return statement after auditing the error.

Reported-by: Qualys Security Advisory <qsa@qualys.com>
Fixes: dd51c8485763 ("apparmor: provide base for multiple profiles to be replaced at once")
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy_unpack.c

index 1769417a996248e559ced5bf80698fb6127df7fb..ff517bc7e2754f6ca22a409b85d36dc10e9fa6b0 100644 (file)
@@ -1440,6 +1440,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
                if (*ns && strcmp(*ns, name)) {
                        audit_iface(NULL, NULL, NULL, "invalid ns change", e,
                                    error);
+                       return error;
                } else if (!*ns) {
                        *ns = kstrdup(name, GFP_KERNEL);
                        if (!*ns)
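
Review bot: The new `return error;` in the `*ns && strcmp(*ns, name)` branch depends on a value of `error` that is assigned outside this hunk. Confirm that it holds a negative errno at this point. If it could still be 0 here, the "invalid ns change" record would be audited and the header would still be accepted, which is the behaviour the commit message sets out to remove. Returning the result of `audit_iface(...)` directly would make the intent explicit, provided that function propagates the error it is given, which these lines do not show. As a style point, now that the first branch returns, the following `else if (!*ns)` can be a plain `if (!*ns)`.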