apparmor: Remove unnecessary size check when unpacking trans_table

The index into the trans_table has a max size of 2^24 bits which the
code was testing but this is unnecessary as unpack_array can only
unpack a table of 2^16 bits in size so the table unpacked will never
be larger than what can be indexed, and any test here is redundant.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index ac9955e..6deaeec 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -484,9 +484,13 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_str_table *strs)
                u16 size;
                int i;
 
-               if (unpack_array(e, NULL, &size) != TRI_TRUE ||
-                   size > (1 << 24))
-                 /* currently 2^24 bits entries 0-3 */
+               if (unpack_array(e, NULL, &size) != TRI_TRUE)
+                       /*
+                        * Note: index into trans table array is a max
+                        * of 2^24, but unpack array can only unpack
+                        * an array of 2^16 in size atm so no need
+                        * for size check here
+                        */
                        goto fail;
                table = kcalloc(size, sizeof(char *), GFP_KERNEL);
                if (!table)