From: John Johansen john.johansen@canonical.com
[ Upstream commit 6600e9f692e36e265ef0828f08337fa294bb330f ]
Add check for failure to allocate the permission table.
Fixes: caa9f579ca72 ("apparmor: isolate policy backwards compatibility to its own file") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: Sasha Levin sashal@kernel.org --- security/apparmor/policy_compat.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/security/apparmor/policy_compat.c b/security/apparmor/policy_compat.c index cc89d1e88fb74..6fa185ce8d9dc 100644 --- a/security/apparmor/policy_compat.c +++ b/security/apparmor/policy_compat.c @@ -179,6 +179,8 @@ static struct aa_perms *compute_xmatch_perms(struct aa_dfa *xmatch) state_count = xmatch->tables[YYTD_ID_BASE]->td_lolen; /* DFAs are restricted from having a state_count of less than 2 */ perms = kvcalloc(state_count, sizeof(struct aa_perms), GFP_KERNEL); + if (!perms) + return NULL;
/* zero init so skip the trap state (state == 0) */ for (state = 1; state < state_count; state++)