diff options
author | Andrey Zhizhikin <andrey.z@gmail.com> | 2020-08-11 08:29:45 +0000 |
---|---|---|
committer | Andrey Zhizhikin <andrey.z@gmail.com> | 2020-08-11 08:29:45 +0000 |
commit | 14eec8a71c3e212080803c50cd9d7982e8208ec5 (patch) | |
tree | ad0bcaf840c4999bc7b6a0291116eaa57db2a103 /security | |
parent | 7da1a123ebce2005573def510c61214fc1000163 (diff) | |
parent | d811d29517d1ea05bc159579231652d3ca1c2a01 (diff) |
Merge tag 'v5.4.53' into 5.4-2.1.x-imx
This is the 5.4.53 stable release
Conflicts (manual resolve, upstream patch merged):
drivers/thermal/imx_thermal.c
Upstream patch [9025a5589c035a7328c920ed4e190c0c2f5d017d] adds missing
of_node_put call, NXP version has been adapted to accommodate this patch
into the code.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/match.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 6ccd3734a841..43669403f755 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -97,6 +97,9 @@ static struct table_header *unpack_table(char *blob, size_t bsize) th.td_flags == YYTD_DATA8)) goto out; + /* if we have a table it must have some entries */ + if (th.td_lolen == 0) + goto out; tsize = table_size(th.td_lolen, th.td_flags); if (bsize < tsize) goto out; @@ -198,6 +201,8 @@ static int verify_dfa(struct aa_dfa *dfa) state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen; + if (state_count == 0) + goto out; for (i = 0; i < state_count; i++) { if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) && (DEFAULT_TABLE(dfa)[i] >= state_count)) |