[apparmor] PATCH [1/6] - Stop flex from dumping to stdout when audit_id doesn't parse as expected

[John Johansen]

On 09/09/2010 02:07 PM, Steve Beattie wrote:
> On Thu, Sep 09, 2010 at 08:30:52AM -0700, John Johansen wrote:
>> The scanner will dump unmatched text from <audit_id> is encountered.
>>
ACK

>>
>> Index: libapparmor/src/scanner.l
>> ===================================================================
>> --- libapparmor.orig/src/scanner.l	2010-09-09 08:13:42.334193402 -0700
>> +++ libapparmor/src/scanner.l	2010-09-09 08:13:46.584193399 -0700
>> @@ -194,6 +194,7 @@
>>  	{period}		{ return(TOK_PERIOD); }
>>  	{open_paren}		{ return(TOK_OPEN_PAREN); }
>>  	{close_paren}		{ yy_pop_state(yyscanner); return(TOK_CLOSE_PAREN); }
>> +	.			{ BEGIN(unknown_message); yyless(0); /* dump the rest */ }
>>  }
>>  
>>  <sub_id>{
> 
> ACK from me for 2.5.1, here's a (bzr diff generated) patch for a testcase to cover this:
> 
> === added file 'libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.in'
> --- libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.in	1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.in	2010-09-09 20:55:19 +0000
> @@ -0,0 +1,1 @@
> +type=AVC msg=audit(12799========================8288.415:39): apparmor="DENIED" operation="open" parent=12332 profile="/usr/sbin/cupsd" name="/home/user/.ssh/" pid=12333 comm="ls" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
> 
> === added file 'libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.out'
> --- libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.out	1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/avc_audit_invalid_audit_id.out	2010-09-09 20:57:49 +0000
> @@ -0,0 +1,5 @@
> +START
> +File: test_multi/avc_audit_invalid_audit_id.in
> +Event type: AA_RECORD_INVALID
> +Epoch: 0
> +Audit subid: 0
> 
> 
>