[apparmor] [PATCH] apparmor: fix validation of namespace headers

Zygmunt Krynicki zygmunt.krynicki at canonical.com
Thu Jul 6 21:26:14 UTC 2017


The verify_header() function has code that ensures all headers in a
single data chunk passed to aa_unpack() have the same namespace. The
value pointed to by the ns argument is however unconditionally set to NULL
on each invocation of verify_header(). This effectively makes the code
that checks for namespace changes from one profile to another dead
code.

Since the only caller, aa_unpack(), already initializes *ns = NULL the
redundant initialization in verify_header() can be safely dropped.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki at canonical.com>
---
 security/apparmor/policy_unpack.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 981d570eebba..ea7f2ad33b8b 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -749,7 +749,6 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
 {
 	int error = -EPROTONOSUPPORT;
 	const char *name = NULL;
-	*ns = NULL;
 
 	/* get the interface version */
 	if (!unpack_u32(e, &e->version, "version")) {
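Review bot: with the `*ns = NULL;` reset removed from the top of verify_header(), the function now relies on its caller having initialized *ns before the first header is verified, and nothing in the visible lines documents that contract. Consider adding a comment above verify_header() saying that *ns is carried across calls and must be NULL on the first one, so that a later second caller does not feed an uninitialized pointer into the namespace comparison. The commit message states that aa_unpack() already sets *ns = NULL; that call site is outside this hunk, so it is worth confirming the assignment happens before the unpack loop on every entry path.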
-- 
2.11.0



