apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine

aa_dfa_unpack returns ERR_PTR not NULL when it fails, but aa_put_dfa only checks NULL for its input, which would cause invalid memory access in aa_put_dfa. Set nulldfa to NULL explicitly to fix that. Fixes: 98b824ff8984 ("apparmor: refcount the pdb") Signed-off-by: GONG Ruiqi <gongruiqi1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: GONG Ruiqi <gongruiqi1@huawei.com> 2026-04-23 06:10:56 +0300
committer: John Johansen <john.johansen@canonical.com> 2026-04-23 06:11:08 +0300
commit: 11b7df0952663f20ce72c9a22a3cf9278cf84db7 (patch)
tree: 5a568bc2a666d4d7bcf4b9cc6f73e89bc7150d5c
parent: 828bf7929bedcb79b560b5b4e44f22abee07d31b (diff)
download: linux-11b7df0952663f20ce72c9a22a3cf9278cf84db7.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 467f7ac476aa..3491e9f60194 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -2456,6 +2456,7 @@ static int __init aa_setup_dfa_engine(void)
 			    TO_ACCEPT2_FLAG(YYTD_DATA32));
 	if (IS_ERR(nulldfa)) {
 		error = PTR_ERR(nulldfa);
+		nulldfa = NULL;
 		goto fail;
 	}
 	nullpdb->dfa = aa_get_dfa(nulldfa);
author	GONG Ruiqi <gongruiqi1@huawei.com>	2026-04-23 06:10:56 +0300
committer	John Johansen <john.johansen@canonical.com>	2026-04-23 06:11:08 +0300
commit	11b7df0952663f20ce72c9a22a3cf9278cf84db7 (patch)
tree	5a568bc2a666d4d7bcf4b9cc6f73e89bc7150d5c
parent	828bf7929bedcb79b560b5b4e44f22abee07d31b (diff)
download	linux-11b7df0952663f20ce72c9a22a3cf9278cf84db7.tar.xz