apparmor: fix missing error check for rhashtable_insert_fast

 rhashtable_insert_fast() could return err value when memory allocation is
 failed. but unpack_profile() do not check values and this always returns
 success value. This patch just adds error check code.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e025be0f26d5 ("apparmor: support querying extended trusted helper extra data")

Signed-off-by: Danila Chernetsov <listdansp@mail.ru>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 70caa44..22137fe 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1035,8 +1035,13 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
                                goto fail;
                        }
 
-                       rhashtable_insert_fast(profile->data, &data->head,
-                                              profile->data->p);
+                       if (rhashtable_insert_fast(profile->data, &data->head,
+                                                  profile->data->p)) {
+                               kfree_sensitive(data->key);
+                               kfree_sensitive(data);
+                               info = "failed to insert data to table";
+                               goto fail;
+                       }
                }
 
                if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) {