apparmor/kernel-patches/for-mainline/fix-named-transitions.diff

---
 security/apparmor/main.c             |    2 +-
 security/apparmor/module_interface.c |    1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -1119,7 +1119,7 @@ aa_x_to_profile(struct aa_profile *profi
 	default:
 		/* all other indexes are named transitions */
 		index = AA_EXEC_INDEX(xmode);
-		if (index - 4 > profile->exec_table_size) {
+		if (index - 4 >= profile->exec_table_size) {
 			sa->info = "invalid named transition - exec failed";
 			sa->error_code = -EACCES;
 			new_profile = ERR_PTR(-EACCES);
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -319,6 +319,7 @@ static int aa_unpack_exec_table(struct a
 			goto fail;
 		if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
 			goto fail;
+		profile->exec_table_size = size;
 	}
 	return 1;