[PATCH 04/13] Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace"
John Johansen
john.johansen at canonical.com
Thu Aug 11 05:02:38 UTC 2011
This reverts commit cf3b09109ac63011e3a39b5429d22f427b1e16c9.
---
security/apparmor/match.c | 17 -----------------
1 files changed, 0 insertions(+), 17 deletions(-)
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 081491e..94de6b4 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -57,17 +57,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
if (bsize < tsize)
goto out;
- /* Pad table allocation for next/check by 256 entries to remain
- * backwards compatible with old (buggy) tools and remain safe without
- * run time checks
- */
- if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK)
- tsize += 256 * th.td_flags;
-
table = kvmalloc(tsize);
if (table) {
- /* ensure the pad is clear, else there will be errors */
- memset(table, 0, tsize);
*table = th;
if (th.td_flags == YYTD_DATA8)
UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
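Review bot: With the 256-entry pad removed before `kvmalloc(tsize)`, `unpack_table` gives the next/check tables no slack, so an out-of-range base value is caught only by the `BASE_TABLE(dfa)[i] + 255 >= trans_count` test in `verify_dfa`. That test sits under `if (flags & DFA_FLAG_VERIFY_STATES)`, so it is worth confirming that every path loading policy from userspace sets the flag. A comment at the allocation would record the dependency, e.g. `/* no pad: next/check bounds must be enforced by verify_dfa() */`. The body of `unpack_table` starts and ends outside this hunk, so how `tsize` is computed is not visible here.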
@@ -143,19 +134,11 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
goto out;
if (flags & DFA_FLAG_VERIFY_STATES) {
- int warning = 0;
for (i = 0; i < state_count; i++) {
if (DEFAULT_TABLE(dfa)[i] >= state_count)
goto out;
/* TODO: do check that DEF state recursion terminates */
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
- if (warning)
- continue;
- printk(KERN_WARNING "AppArmor DFA next/check "
- "upper bounds error fixed, upgrade "
- "user space tools \n");
- warning = 1;
- } else if (BASE_TABLE(dfa)[i] >= trans_count) {
printk(KERN_ERR "AppArmor DFA next/check upper "
"bounds error\n");
goto out;
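Review bot: The surviving check `BASE_TABLE(dfa)[i] + 255 >= trans_count` adds before it compares, so if the base entries are 32-bit unsigned (the element type is not visible in this hunk) a value near the top of the range would wrap and pass. Writing it without the addition, `if (trans_count < 256 || BASE_TABLE(dfa)[i] >= trans_count - 255) {`, rejects the same tables and cannot wrap. The `KERN_ERR` message could also print the state index `i` so a rejected policy is easier to diagnose. `verify_dfa` continues outside the hunk.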
--
1.7.5.4