apparmor: Fix an error code in verify_table_headers()

We accidentally return a positive EPROTO instead of a negative -EPROTO.
Since 71 is not an error pointer, that means it eventually results in an
Oops in the caller.

Fixes: d901d6a298dc ("apparmor: dfa split verification of table headers")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index dd4c995c5e252858cc3e281fed94660d1a556a5e..280eba082c7bfbb05b0c96d8d4bd7aa3e604a7a8 100644 (file)
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -198,7 +198,7 @@ out:
 static int verify_dfa(struct aa_dfa *dfa)
 {
        size_t i, state_count, trans_count;
-       int error = EPROTO;
+       int error = -EPROTO;
 
        state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
        trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;