diff options
| author |   Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com> | 2026-01-20 15:24:04 +0100 |
|---|---|---|
| committer |   John Johansen <john.johansen@canonical.com> | 2026-03-09 16:05:42 -0700 |
| commit | e38c55d9f834e5b848bfed0f5c586aaf45acb825 (patch) | |
| tree | 4f91b19ee60361eb7485a517091be0c316c64504 /tools/testing/ktest/examples/include/ssh:/git@git.zx2c4.com | |
| parent | apparmor: validate DFA start states are in bounds in unpack_pdb (diff) | |
apparmor: fix memory leak in verify_header
The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.
Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.
Fixes: dd51c8485763 ("apparmor: provide base for multiple profiles to be replaced at once")
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Reviewed-by: Cengiz Can <cengiz.can@canonical.com>
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'tools/testing/ktest/examples/include/ssh:/git@git.zx2c4.com')
0 files changed, 0 insertions, 0 deletions