apparmor: fix oops in profile_unpack() when policy_db is not present

commit 5f20fdfed16bc599a325a145bf0123a8e1c9beea upstream.

BugLink: http://bugs.launchpad.net/bugs/1592547
If unpack_dfa() returns NULL due to the dfa not being present,
profile_unpack() is not checking if the dfa is not present (NULL).

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index c841b1268a84999d99dff1102aca1809c842299b..dac2121bc8739a2e7952a2f09b6b4d4733baa901 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
                        error = PTR_ERR(profile->policy.dfa);
                        profile->policy.dfa = NULL;
                        goto fail;
+               } else if (!profile->policy.dfa) {
+                       error = -EPROTO;
+                       goto fail;
                }
                if (!unpack_u32(e, &profile->policy.start[0], "start"))
                        /* default start state */