2 files changed, 5 insertions, 4 deletions

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 2c138309ad66..424b2c1e586d 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1315,7 +1315,7 @@ SEQ_RAWDATA_FOPS(compressed_size);
 static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
 {
 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
-	if (aa_g_rawdata_compression_level == 0) {
+	if (slen < dlen) {
 		const size_t wksp_len = zstd_dctx_workspace_bound();
 		zstd_dctx *ctx;
 		void *wksp;
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 6deaeecb76fe..45c9dfdc8e0d 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1294,7 +1294,7 @@ static int compress_zstd(const char *src, size_t slen, char **dst, size_t *dlen)
 	}
 
 	out_len = zstd_compress_cctx(ctx, out, out_len, src, slen, &params);
-	if (zstd_is_error(out_len)) {
+	if (zstd_is_error(out_len) || out_len >= slen) {
 		ret = -EINVAL;
 		goto cleanup;
 	}
@@ -1348,9 +1348,10 @@ static int compress_loaddata(struct aa_loaddata *data)
 		void *udata = data->data;
 		int error = compress_zstd(udata, data->size, &data->data,
 					  &data->compressed_size);
-		if (error)
+		if (error) {
+			data->compressed_size = data->size;
 			return error;
-
+		}
 		if (udata != data->data)
 			kvfree(udata);
 	} else