From c9ed9900161ac6dd4c4c5df25c7c490c8e2f2ee4 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Tue, 15 Apr 2014 15:01:05 -0700
Subject: [PATCH] fix failure paths around policy that can result in a crash

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
---
 parser/parser_regex.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index b8eadf654..a6d11ff1d 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -712,6 +712,9 @@ int process_profile_policydb(Profile *prof)
 		prof->policy.rules = NULL;
 		if (!prof->policy.dfa)
 			goto out;
+	} else {
+		aare_delete_ruleset(prof->policy.rules);
+		prof->policy.rules = NULL;
 	}
 
 	aare_reset_matchflags();
@@ -719,6 +722,9 @@ int process_profile_policydb(Profile *prof)
 	error = 0;
 
 out:
+	aare_delete_ruleset(prof->policy.rules);
+	prof->policy.rules = NULL;
+
 	return error;
 }