[PATCH 5.10.y] apparmor: fix memory leak in verify_header

[Li hongliang]

From: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>

[ Upstream commit e38c55d9f834e5b848bfed0f5c586aaf45acb825 ]

The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.

Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.

Fixes: dd51c8485763 ("apparmor: provide base for multiple profiles to be replaced at once")
Reported-by: Qualys Security Advisory <qsa at qualys.com>
Tested-by: Salvatore Bonaccorso <carnil at debian.org>
Reviewed-by: Georgia Garcia <georgia.garcia at canonical.com>
Reviewed-by: Cengiz Can <cengiz.can at canonical.com>
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
Signed-off-by: John Johansen <john.johansen at canonical.com>
Signed-off-by: Li hongliang <1468888505 at 139.com>
---
 security/apparmor/policy_unpack.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 93fcafdaa548..5ea8c14f5eac 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -959,7 +959,6 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
 {
 	int error = -EPROTONOSUPPORT;
 	const char *name = NULL;
-	*ns = NULL;
 
 	/* get the interface version */
 	if (!unpack_u32(e, &e->version, "version")) {
-- 
2.34.1