@@ -57,17 +57,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
if (bsize < tsize)
goto out;
- /* Pad table allocation for next/check by 256 entries to remain
- * backwards compatible with old (buggy) tools and remain safe without
- * run time checks
- */
- if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK)
- tsize += 256 * th.td_flags;
-
table = kvmalloc(tsize);
if (table) {
- /* ensure the pad is clear, else there will be errors */
- memset(table, 0, tsize);
*table = th;
if (th.td_flags == YYTD_DATA8)
UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
@@ -143,19 +134,11 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
goto out;
if (flags & DFA_FLAG_VERIFY_STATES) {
- int warning = 0;
for (i = 0; i < state_count; i++) {
if (DEFAULT_TABLE(dfa)[i] >= state_count)
goto out;
/* TODO: do check that DEF state recursion terminates */
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
- if (warning)
- continue;
- printk(KERN_WARNING "AppArmor DFA next/check "
- "upper bounds error fixed, upgrade "
- "user space tools \n");
- warning = 1;
- } else if (BASE_TABLE(dfa)[i] >= trans_count) {
printk(KERN_ERR "AppArmor DFA next/check upper "
"bounds error\n");
goto out;