git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine
author GONG Ruiqi <gongruiqi1@huawei.com>
Thu, 23 Apr 2026 03:10:56 +0000 (11:10 +0800)
committer John Johansen <john.johansen@canonical.com>
Thu, 23 Apr 2026 03:11:08 +0000 (20:11 -0700)
aa_dfa_unpack returns ERR_PTR not NULL when it fails, but aa_put_dfa
only checks NULL for its input, which would cause invalid memory access
in aa_put_dfa. Set nulldfa to NULL explicitly to fix that.

Fixes: 98b824ff8984 ("apparmor: refcount the pdb")
Signed-off-by: GONG Ruiqi <gongruiqi1@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/lsm.c

index 467f7ac476aa886cb4ded53cdb41593449bd12f3..3491e9f601943fd6dc44b11cd70a74c7cf7286e5 100644 (file)
@@ -2456,6 +2456,7 @@ static int __init aa_setup_dfa_engine(void)
                            TO_ACCEPT2_FLAG(YYTD_DATA32));
        if (IS_ERR(nulldfa)) {
                error = PTR_ERR(nulldfa);
+               nulldfa = NULL;
                goto fail;
        }
        nullpdb->dfa = aa_get_dfa(nulldfa);
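
Review bot: The added `nulldfa = NULL;` in the IS_ERR(nulldfa) branch carries no comment saying why it is needed, so it reads as a redundant store and is easy to drop in a later cleanup. Per the commit message, the reason is that aa_put_dfa only checks its argument for NULL and would otherwise be handed the ERR_PTR value after `goto fail`. A one-line comment above the assignment would record that. An alternative is to unpack into a local variable and assign nulldfa only on success, so the ERR_PTR never reaches it. The fail label is outside this hunk, so please confirm that nothing else on that path uses nulldfa before the NULL check.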