mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 04:21:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: fix dfa size check

Browse Source 
AppArmor dfas need a minimum of two states to be valid. State 0 is the
default trap state, and State 1 the default start state. When verifying
the dfa ensure that this is the case.

Fixes: c27c6bd2c4 ("apparmor: ensure that dfa state tables have entries")
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2026-03-04 19:24:01 -07:00
parent 497ad4be35
commit f17b68f0c3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/apparmor/match.c
View File

@@ -157,7 +157,7 @@ static int verify_dfa(struct aa_dfa *dfa)
state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;
if (state_count == 0)
if (state_count < 2)
goto out;
for (i = 0; i < state_count; i++) {
if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) &&