Commit 11b7df09 authored Apr 23, 2026 by GONG Ruiqi Committed by John Johansen Apr 22, 2026

apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine



aa_dfa_unpack returns ERR_PTR not NULL when it fails, but aa_put_dfa
only checks NULL for its input, which would cause invalid memory access
in aa_put_dfa. Set nulldfa to NULL explicitly to fix that.

Fixes: 98b824ff ("apparmor: refcount the pdb")
Signed-off-by: GONG Ruiqi <gongruiqi1@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

parent 828bf792

security/apparmor/lsm.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -2456,6 +2456,7 @@ static int __init aa_setup_dfa_engine(void)
		TO_ACCEPT2_FLAG(YYTD_DATA32));
		if (IS_ERR(nulldfa)) {
		error = PTR_ERR(nulldfa);
		nulldfa = NULL;
		goto fail;
		}
		nullpdb->dfa = aa_get_dfa(nulldfa);