summaryrefslogtreecommitdiff
path: root/security/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/apparmorfs.c2
-rw-r--r--security/apparmor/policy_unpack.c7
2 files changed, 5 insertions, 4 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 2c138309ad66..424b2c1e586d 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1315,7 +1315,7 @@ SEQ_RAWDATA_FOPS(compressed_size);
static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
{
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
- if (aa_g_rawdata_compression_level == 0) {
+ if (slen < dlen) {
const size_t wksp_len = zstd_dctx_workspace_bound();
zstd_dctx *ctx;
void *wksp;
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 6deaeecb76fe..45c9dfdc8e0d 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1294,7 +1294,7 @@ static int compress_zstd(const char *src, size_t slen, char **dst, size_t *dlen)
}
out_len = zstd_compress_cctx(ctx, out, out_len, src, slen, &params);
- if (zstd_is_error(out_len)) {
+ if (zstd_is_error(out_len) || out_len >= slen) {
ret = -EINVAL;
goto cleanup;
}
@@ -1348,9 +1348,10 @@ static int compress_loaddata(struct aa_loaddata *data)
void *udata = data->data;
int error = compress_zstd(udata, data->size, &data->data,
&data->compressed_size);
- if (error)
+ if (error) {
+ data->compressed_size = data->size;
return error;
-
+ }
if (udata != data->data)
kvfree(udata);
} else
generated by cgit v1.2.3 (git 2.39.0) at 2025-02-12 20:29:40 +0300