diff options
| author | John Johansen <john.johansen@canonical.com> | 2026-03-01 12:24:06 -0800 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2026-06-13 20:14:07 -0700 |
| commit | ad213bbbc0e3e270ce7df2d9d80d4ce3826993d7 (patch) | |
| tree | 9b2317058c716da880c8dbaae0becf441aa5cc8e /security | |
| parent | 1adefbd0d5f5a2dafb3f1ee4537dc1db69fb29d4 (diff) | |
| download | ath-ad213bbbc0e3e270ce7df2d9d80d4ce3826993d7.tar.gz | |
apparmor: fix rawdata_f_data implicit flex array
rawdata_f_data has a blob of data that is allocated at its end but
not explicitly declared. Makes sure it is correctly declared as a
flex_rray.
Fixes: 63c16c3a76085 ("apparmor: Initial implementation of raw policy blob compression")
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/apparmorfs.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 252a7ca98a9e6..03fc18cf5fa70 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -71,10 +71,10 @@ struct rawdata_f_data { struct aa_loaddata *loaddata; + DECLARE_FLEX_ARRAY(char, data); }; #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY -#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1) static void rawdata_f_data_free(struct rawdata_f_data *private) { @@ -1436,7 +1436,7 @@ static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, struct rawdata_f_data *private = file->private_data; return simple_read_from_buffer(buf, size, ppos, - RAWDATA_F_DATA_BUF(private), + private->data, private->loaddata->size); } @@ -1469,8 +1469,7 @@ static int rawdata_open(struct inode *inode, struct file *file) private->loaddata = loaddata; error = decompress_zstd(loaddata->data, loaddata->compressed_size, - RAWDATA_F_DATA_BUF(private), - loaddata->size); + private->data, loaddata->size); if (error) goto fail_decompress; |
