aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/security/apparmor/policy_unpack.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index a689f10930b5..138120698f83 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
error = PTR_ERR(profile->policy.dfa);
profile->policy.dfa = NULL;
goto fail;
+ } else if (!profile->policy.dfa) {
+ error = -EPROTO;
+ goto fail;
}
if (!unpack_u32(e, &profile->policy.start[0], "start"))
/* default start state */
@@ -676,7 +679,7 @@ static bool verify_xindex(int xindex, int table_size)
int index, xtype;
xtype = xindex & AA_X_TYPE_MASK;
index = xindex & AA_X_INDEX_MASK;
- if (xtype == AA_X_TABLE && index > table_size)
+ if (xtype == AA_X_TABLE && index >= table_size)
return 0;
return 1;
}
@@ -776,7 +779,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
goto fail_profile;
error = aa_calc_profile_hash(profile, e.version, start,
- e.pos - start);
+ e.pos - start);
if (error)
goto fail_profile;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.