aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
authorGeorgia Garcia <georgia.garcia@canonical.com>2026-05-06 16:02:11 -0300
committerJohn Johansen <john.johansen@canonical.com>2026-06-13 20:14:07 -0700
commit7681ca43d2b1c776e62fe77e3167835fb1ab8319 (patch)
treef6cf55be5d5054fa0c57ca33c2b13095e437b56c /security
parent716d384ac7c905b719f3ce11cdb3a3d172c210fb (diff)
downloadath-7681ca43d2b1c776e62fe77e3167835fb1ab8319.tar.gz
apparmor: fix NULL pointer dereference in unpack_pdb
pdb->dfa could be NULL if unpack_dfa fails, causing a NULL pointer dereference. Fixes: 2e12c5f06017 ("apparmor: add additional flags to extended permission.") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/policy_unpack.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 9f45d5513d2ca..3643c058d6f89 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1045,7 +1045,7 @@ static int unpack_pdb(struct aa_ext *e, struct aa_policydb **policy,
}
/* accept2 is in some cases being allocated, even with perms */
- if (pdb->perms && !pdb->dfa->tables[YYTD_ID_ACCEPT2]) {
+ if (pdb->dfa && pdb->perms && !pdb->dfa->tables[YYTD_ID_ACCEPT2]) {
/* add dfa flags table missing in v2 */
u32 noents = pdb->dfa->tables[YYTD_ID_ACCEPT]->td_lolen;
u16 tdflags = pdb->dfa->tables[YYTD_ID_ACCEPT]->td_flags;