The current `required` flag indicates the packed data start thus requiring the header to be unpacked at this position.
For the purposes of verify_header() refinement, rename that flag to `start` so that it can be used with this meaning in other part of the function. Found by Linux Verification Center (linuxtesting.org). Signed-off-by: Fedor Pchelkin <[email protected]> --- security/apparmor/policy_unpack.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index a91b30100b77..54f7b4346506 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1111,12 +1111,12 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) /** * verify_header - unpack serialized stream header * @e: serialized data read head (NOT NULL) - * @required: whether the header is required or optional + * @start: whether the header is located at the start of data * @ns: Returns - namespace if one is specified else NULL (NOT NULL) * * Returns: error or 0 if header is good */ -static int verify_header(struct aa_ext *e, int required, const char **ns) +static int verify_header(struct aa_ext *e, int start, const char **ns) { int error = -EPROTONOSUPPORT; const char *name = NULL; @@ -1124,7 +1124,8 @@ static int verify_header(struct aa_ext *e, int required, const char **ns) /* get the interface version */ if (!aa_unpack_u32(e, &e->version, "version")) { - if (required) { + /* the header is required at the start of data */ + if (start) { audit_iface(NULL, NULL, NULL, "invalid profile format", e, error); return error; -- 2.43.0
