[apparmor] [PATCH] apparmor: fix incorrect success return value in unpack_tag_headers()

[John Johansen]

On 2/10/26 09:21, Massimiliano Pellizzer wrote:
> unpack_tag_headers() returns `true` (1) on success instead of 0.
> Since it's caller unpack_tags() checks the return value with
> `if (error)`, a non-zero success value is incorrectly treated as
> a failure, causing tag header unpacking to always even if the data
> is well-formed.
> 
> Change the success return in unpack_tag_headers() from `true` to 0.
> 
> Fixes: 3d28e2397af7 ("apparmor: add support loading per permission tagging")
> Signed-off-by: Massimiliano Pellizzer <mpellizzer.dev at gmail.com>

sorry, my reply to this seems to have failed. This was pulled in for the
7.0 PR

Acked-by: John Johansen <john.johansen at canonical.com>


> ---
>   security/apparmor/policy_unpack.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index dc908e1f5a88..221208788025 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -825,7 +825,7 @@ static int unpack_tag_headers(struct aa_ext *e, struct aa_tags_struct *tags)
>   	tags->hdrs.size = size;
>   	tags->hdrs.table = hdrs;
>   	AA_DEBUG(DEBUG_UNPACK, "headers %ld size %d", (long) hdrs, size);
> -	return true;
> +	return 0;
>   
>   fail:
>   	kfree_sensitive(hdrs);