From: John Johansen <john.johansen@canonical.com>
Date: Mon, 4 Aug 2025 05:07:52 +0000 (-0700)
Subject: apparmor: guard against free routines being called with a NULL
X-Git-Tag: v7.0-rc1~35^2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e16eee7895502bc3c07043169940b005d44bba8f;p=thirdparty%2Flinux.git

apparmor: guard against free routines being called with a NULL

aa_free_data() and free_attachment() don't guard against having
a NULL parameter passed to them. Fix this.

Reviewed-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index f2cef22ed729..a64cfd24cedc 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -232,6 +232,9 @@ static void aa_free_data(void *ptr, void *arg)
 {
 	struct aa_data *data = ptr;
 
+	if (!ptr)
+		return;
+
 	kvfree_sensitive(data->data, data->size);
 	kfree_sensitive(data->key);
 	kfree_sensitive(data);
@@ -241,6 +244,9 @@ static void free_attachment(struct aa_attachment *attach)
 {
 	int i;
 
+	if (!attach)
+		return;
+
 	for (i = 0; i < attach->xattr_count; i++)
 		kfree_sensitive(attach->xattrs[i]);
 	kfree_sensitive(attach->xattrs);