On 13.01.2026 at 18:35, Ryan Lee wrote: > In policy_unpack.c:unpack_perms_table, the perms struct is allocated via > kcalloc, with the position being reset if the allocation fails. However, > the error path results in -EPROTO being returned instead of -ENOMEM. Fix > this to return the correct error code. > > Reported-by: Zygmunt Krynicki <[email protected]> > Fixes: fd1b2b95a2117 ("apparmor: add the ability for policy to specify > a permission table") > Signed-off-by: Ryan Lee <[email protected]> > --- > security/apparmor/policy_unpack.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/policy_unpack.c > b/security/apparmor/policy_unpack.c > index 019430225e4a..2280a8f7a843 100644 > --- a/security/apparmor/policy_unpack.c > +++ b/security/apparmor/policy_unpack.c > @@ -700,8 +700,10 @@ static ssize_t unpack_perms_table(struct aa_ext > *e, struct aa_perms **perms) > if (!aa_unpack_array(e, NULL, &size)) > goto fail_reset; > *perms = kcalloc(size, sizeof(struct aa_perms), GFP_KERNEL); > - if (!*perms) > - goto fail_reset; > + if (!*perms) { > + e->pos = pos; > + return -ENOMEM; > + } > for (i = 0; i < size; i++) { > if (!unpack_perm(e, version, &(*perms)[i])) > goto fail; > -- > 2.43.0
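Review bot: In the new `if (!*perms)` branch of unpack_perms_table, the position reset is open-coded as `e->pos = pos;` while the `aa_unpack_array` check just above still exits through `goto fail_reset`, so the reset now lives in two places and the two can drift apart. Consider keeping a single exit path, for example by setting an error variable to -ENOMEM before the jump and having the label return that variable, so any cleanup later added at the label also covers the allocation failure. It is also worth stating in the commit message whether callers pass the negative return value through unchanged, since the fix only has an effect if -ENOMEM is not mapped back to -EPROTO further up.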
This looks good. I'm unfamiliar with kernel acked protocol so I'll refrain from that. Best regards ZK
