Re: [PATCH] apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine

From: John Johansen

Date: Sat Jun 13 2026 - 00:43:16 EST


On 4/22/26 20:10, GONG Ruiqi wrote:
aa_dfa_unpack returns ERR_PTR not NULL when it fails, but aa_put_dfa
only checks NULL for its input, which would cause invalid memory access
in aa_put_dfa. Set nulldfa to NULL explicitly to fix that.

Fixes: 98b824ff8984 ("apparmor: refcount the pdb")
Signed-off-by: GONG Ruiqi <gongruiqi1@xxxxxxxxxx>

Sorry for the lateness of the reply; my mail wasn't working when I pulled
this in for 7.1.

Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>

---
security/apparmor/lsm.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c1d42fc72fdb..ead2f07982b6 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -2465,6 +2465,7 @@ static int __init aa_setup_dfa_engine(void)
TO_ACCEPT2_FLAG(YYTD_DATA32));
if (IS_ERR(nulldfa)) {
error = PTR_ERR(nulldfa);
+ nulldfa = NULL;
goto fail;
}
nullpdb->dfa = aa_get_dfa(nulldfa);
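
Review bot: The `nulldfa = NULL;` added in the `IS_ERR(nulldfa)` branch carries no comment saying why the pointer is reset before `goto fail`, and the reason is not visible at this site: per the commit message, aa_put_dfa only checks its argument for NULL, so an ERR_PTR value reaching it would be treated as a valid dfa. A one-line comment on that assignment, stating that the fail path must see either NULL or a valid dfa, would keep a later cleanup from dropping it as a dead store. Since the `fail` label is outside this hunk's context, it is also worth confirming that any other pointer released there follows the same NULL-or-valid rule.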