Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: fix dfa size check
AppArmor dfas need a minimum of two states to be valid. State 0 is the
default trap state, and State 1 the default start state. When verifying
the dfa ensure that this is the case.
Fixes: c27c6bd2c4d6b ("apparmor: ensure that dfa state tables have entries")
Signed-off-by: John Johansen <john.johansen@canonical.com>
+1
-1
+1
-1
security/apparmor/match.c
+1
-1
security/apparmor/match.c
···
157
157
158
158
state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
159
159
trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;
160
-
if (state_count == 0)
160
+
if (state_count < 2)
161
161
goto out;
162
162
for (i = 0; i < state_count; i++) {
163
163
if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) &&