apparmor: fix signedness bug in unpack_tags()

m-pellizzer · jrjohansen · commit 08020dbe3125 · 2026-02-18T11:50:20.000-08:00
Smatch static checker warning: security/apparmor/policy_unpack.c:966 unpack_pdb() warn: unsigned 'unpack_tags(e, &pdb->tags, info)' is never less than zero. unpack_tags() is declared with return type size_t (unsigned) but returns negative errno values on failure. The caller in unpack_pdb() tests the return with `< 0`, which is always false for an unsigned type, making error handling dead code. Malformed tag data would be silently accepted instead of causing a load failure. Change return type of unpack_tags() from size_t to int to match the functions's actual semantic. Fixes: 3d28e23 ("apparmor: add support loading per permission tagging") Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Massimiliano Pellizzer <mpellizzer.dev@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
@@ -835,7 +835,7 @@ static int unpack_tag_headers(struct aa_ext *e, struct aa_tags_struct *tags)
 }
 
 
-static size_t unpack_tags(struct aa_ext *e, struct aa_tags_struct *tags,
+static int unpack_tags(struct aa_ext *e, struct aa_tags_struct *tags,
 	const char **info)
 {
 	int error = -EPROTO;

Original file line number	Diff line number	Diff line change
`@@ -835,7 +835,7 @@ static int unpack_tag_headers(struct aa_ext e, struct aa_tags_struct tags)`
`835`	`835`	`}`
`836`	`836`
`837`	`837`
`838`		`-static size_t unpack_tags(struct aa_ext e, struct aa_tags_struct tags,`
	`838`	`+static int unpack_tags(struct aa_ext e, struct aa_tags_struct tags,`
`839`	`839`	`const char **info)`
`840`	`840`	`{`
`841`	`841`	`int error = -EPROTO;`