apparmor: add missing failure check in compute_xmatch_perms

Add check for failure to allocate the permission table. Fixes: caa9f579ca72 ("apparmor: isolate policy backwards compatibility to its own file") Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2023-04-14 00:24:47 -0700
committer: John Johansen <john.johansen@canonical.com> 2023-07-06 10:58:49 -0700
commit: 6600e9f692e36e265ef0828f08337fa294bb330f (patch)
tree: 8975dd52396351548f93dcb8eacc87d998e32c74 /security/apparmor
parent: 000518bc5aef25d3f703592a0296d578c98b1517 (diff)
download: linux-6600e9f692e36e265ef0828f08337fa294bb330f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/policy_compat.c b/security/apparmor/policy_compat.c
index 9e52e218bf308..b2ec7fb04e831 100644
--- a/security/apparmor/policy_compat.c
+++ b/security/apparmor/policy_compat.c
@@ -180,6 +180,8 @@ static struct aa_perms *compute_xmatch_perms(struct aa_dfa *xmatch)
 	state_count = xmatch->tables[YYTD_ID_BASE]->td_lolen;
 	/* DFAs are restricted from having a state_count of less than 2 */
 	perms = kvcalloc(state_count, sizeof(struct aa_perms), GFP_KERNEL);
+	if (!perms)
+		return NULL;
 
 	/* zero init so skip the trap state (state == 0) */
 	for (state = 1; state < state_count; state++)
author	John Johansen <john.johansen@canonical.com>	2023-04-14 00:24:47 -0700
committer	John Johansen <john.johansen@canonical.com>	2023-07-06 10:58:49 -0700
commit	6600e9f692e36e265ef0828f08337fa294bb330f (patch)
tree	8975dd52396351548f93dcb8eacc87d998e32c74 /security/apparmor
parent	000518bc5aef25d3f703592a0296d578c98b1517 (diff)
download	linux-6600e9f692e36e265ef0828f08337fa294bb330f.tar.gz