aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
authorJohn Johansen <john.johansen@canonical.com>2026-03-01 12:24:06 -0800
committerJohn Johansen <john.johansen@canonical.com>2026-06-13 20:14:07 -0700
commitad213bbbc0e3e270ce7df2d9d80d4ce3826993d7 (patch)
tree9b2317058c716da880c8dbaae0becf441aa5cc8e /security
parent1adefbd0d5f5a2dafb3f1ee4537dc1db69fb29d4 (diff)
downloadath-ad213bbbc0e3e270ce7df2d9d80d4ce3826993d7.tar.gz
apparmor: fix rawdata_f_data implicit flex array
rawdata_f_data has a blob of data that is allocated at its end but not explicitly declared. Makes sure it is correctly declared as a flex_rray. Fixes: 63c16c3a76085 ("apparmor: Initial implementation of raw policy blob compression") Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/apparmorfs.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 252a7ca98a9e6..03fc18cf5fa70 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -71,10 +71,10 @@
struct rawdata_f_data {
struct aa_loaddata *loaddata;
+ DECLARE_FLEX_ARRAY(char, data);
};
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
-#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
static void rawdata_f_data_free(struct rawdata_f_data *private)
{
@@ -1436,7 +1436,7 @@ static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
struct rawdata_f_data *private = file->private_data;
return simple_read_from_buffer(buf, size, ppos,
- RAWDATA_F_DATA_BUF(private),
+ private->data,
private->loaddata->size);
}
@@ -1469,8 +1469,7 @@ static int rawdata_open(struct inode *inode, struct file *file)
private->loaddata = loaddata;
error = decompress_zstd(loaddata->data, loaddata->compressed_size,
- RAWDATA_F_DATA_BUF(private),
- loaddata->size);
+ private->data, loaddata->size);
if (error)
goto fail_decompress;