Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...

[cascardo/linux.git] / security / apparmor / policy_unpack.c

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index a689f10..1381206 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
                        error = PTR_ERR(profile->policy.dfa);
                        profile->policy.dfa = NULL;
                        goto fail;
+               } else if (!profile->policy.dfa) {
+                       error = -EPROTO;
+                       goto fail;
                }
                if (!unpack_u32(e, &profile->policy.start[0], "start"))
                        /* default start state */
@@ -676,7 +679,7 @@ static bool verify_xindex(int xindex, int table_size)
        int index, xtype;
        xtype = xindex & AA_X_TYPE_MASK;
        index = xindex & AA_X_INDEX_MASK;
-       if (xtype == AA_X_TABLE && index > table_size)
+       if (xtype == AA_X_TABLE && index >= table_size)
                return 0;
        return 1;
 }
@@ -776,7 +779,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
                        goto fail_profile;
 
                error = aa_calc_profile_hash(profile, e.version, start,
-                                            e.pos - start);
+                                                    e.pos - start);
                if (error)
                        goto fail_profile;