apparmor: fix oops in profile_unpack() when policy_db is not present
authorJohn Johansen <john.johansen@canonical.com>
Wed, 15 Jun 2016 07:00:55 +0000 (10:00 +0300)
committerJohn Johansen <john.johansen@canonical.com>
Tue, 12 Jul 2016 15:43:10 +0000 (08:43 -0700)
BugLink: http://bugs.launchpad.net/bugs/1592547
If unpack_dfa() returns NULL due to the dfa not being present,
profile_unpack() is not checking if the dfa is not present (NULL).

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy_unpack.c

index 951ae46339793e9214966f2ef49a329cd9834f71..b9b1c66a32a552b68e2a7447c6052866fef53026 100644 (file)
@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
                        error = PTR_ERR(profile->policy.dfa);
                        profile->policy.dfa = NULL;
                        goto fail;
+               } else if (!profile->policy.dfa) {
+                       error = -EPROTO;
+                       goto fail;
                }
                if (!unpack_u32(e, &profile->policy.start[0], "start"))
                        /* default start state */