apparmor: fix unpack_tags to properly return error in failure cases

error is initialized to -EPROTO but set by some of the internal functions, unfortunately the last two checks assume error is set to -EPROTO already for the failure case. Ensure it is by setting it before these checks. Fixes: 3d28e2397af7a ("apparmor: add support loading per permission tagging") Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2026-04-14 05:56:26 +0300
committer: John Johansen <john.johansen@canonical.com> 2026-04-23 06:02:46 +0300
commit: 72971e6f745ad5c366629b0affbe3a6b619dcd8b (patch)
tree: 71d5a096e65177064b7db38eb1c16574d3b2d17d
parent: f17b68f0c33ff184713c356cd024035d437bac8c (diff)
download: linux-72971e6f745ad5c366629b0affbe3a6b619dcd8b.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index ff517bc7e275..dd445c25f8e9 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -863,6 +863,7 @@ static int unpack_tags(struct aa_ext *e, struct aa_tags_struct *tags,
 			*info = "failed to unpack profile tag.sets";
 			goto fail;
 		}
+		error = -EPROTO;
 		if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL))
 			goto fail;
author	John Johansen <john.johansen@canonical.com>	2026-04-14 05:56:26 +0300
committer	John Johansen <john.johansen@canonical.com>	2026-04-23 06:02:46 +0300
commit	72971e6f745ad5c366629b0affbe3a6b619dcd8b (patch)
tree	71d5a096e65177064b7db38eb1c16574d3b2d17d
parent	f17b68f0c33ff184713c356cd024035d437bac8c (diff)
download	linux-72971e6f745ad5c366629b0affbe3a6b619dcd8b.tar.xz