From: Massimiliano Pellizzer
Date: Tue, 20 Jan 2026 14:24:04 +0000 (+0100)
Subject: [PATCH 02/11] apparmor: fix memory leak in verify_header
X-Git-Tag: archive/raspbian/6.19.6-2+rpi1~3^2~25
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com//%22mailto:mocancezar%40gmail.com/%22/%22http:/www.example.com/%22mailto:mocancezar%40gmail.com/%22?a=commitdiff_plain;h=e41e40417d52efe6c5569ba6272ada6812b73fef;p=linux.git

[PATCH 02/11] apparmor: fix memory leak in verify_header

The function sets `*ns = NULL` on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since *ns is always NULL when the comparison is made.

Remove the incorrect assignment. The caller (aa_unpack) initializes *ns to NULL once before the loop, which is sufficient.

Fixes: dd51c8485763 ("apparmor: provide base for multiple profiles to be replaced at once")
Reported-by: Qualys Security Advisory
Tested-by: Salvatore Bonaccorso
Reviewed-by: Georgia Garcia
Reviewed-by: Cengiz Can
Signed-off-by: Massimiliano Pellizzer
Signed-off-by: John Johansen

Gbp-Pq: Topic bugfix/all/qsa-2026-apparmor
Gbp-Pq: Name 0002-apparmor-fix-memory-leak-in-verify_header.patch
---
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 96d44112923..c8b3266be8b 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1177,7 +1177,6 @@ static int verify_header(struct aa_ext *e, int required, const char **ns) { int error = -EPROTONOSUPPORT; const char *name = NULL; - *ns = NULL; /* get the interface version */ if (!aa_unpack_u32(e, &e->version, "version")) {
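
Review bot: With `*ns = NULL;` removed from the top of verify_header(), the function now depends on the caller having initialized `*ns` before the first call, and nothing in the visible hunk documents that precondition. The commit message says aa_unpack sets it to NULL once before the loop; a short comment above verify_header() stating that on entry `*ns` must be either NULL or the namespace carried over from a previously unpacked profile would keep a later change from reintroducing the reset or passing an uninitialized pointer. It would also be worth stating in that comment who owns and frees the string held in `*ns` across iterations, since the leak fixed here came from that ownership being implicit.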