[apparmor] [patch 3/5] parser: convert process_mnt_entrys typebuf to std::string

Seth Arnold seth.arnold at canonical.com
Thu Dec 12 08:37:03 UTC 2013


On Mon, Dec 09, 2013 at 12:37:12PM -0800, Steve Beattie wrote:
> This patch addresses the FIXMEs from the last patch by converting
> process_mnt_entry's typebuf from a char[] to std::string. As a side
> effect, the code in build_list_val_expr() is greatly simplified.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> ---
>  parser/parser_regex.c |   61 +++++++++++++-------------------------------------
>  1 file changed, 17 insertions(+), 44 deletions(-)
> 
> Index: b/parser/parser_regex.c
> ===================================================================
> --- a/parser/parser_regex.c
> +++ b/parser/parser_regex.c
> @@ -627,54 +627,30 @@ out:
>  	return error;
>  }
>  
> -static int build_list_val_expr(char *buffer, int size, struct value_list *list)
> +static int build_list_val_expr(std::string& buffer, struct value_list *list)
>  {
>  	struct value_list *ent;
> -	std::string tmp;
> -	char *p;
> -	int len;
>  	pattern_t ptype;
>  	int pos;
>  
>  	if (!list) {
> -		strncpy(buffer, "[^\\000]*", size);
> +		buffer.append("[^\\000]*");
>  		return TRUE;
>  	}
>  
> -	p = buffer;
> -	strncpy(p, "(", size - (p - buffer));
> -	p++;
> -	if (p > buffer + size)
> -		goto fail;
> +	buffer.append("(");
>  
> -	ptype = convert_aaregex_to_pcre(list->value, 0, tmp, &pos);
> +	ptype = convert_aaregex_to_pcre(list->value, 0, buffer, &pos);
>  	if (ptype == ePatternInvalid)
>  		goto fail;
>  
> -	len = tmp.length();
> -	if (len > size - (p - buffer))
> -		goto fail;
> -	strcpy(p, tmp.c_str());
> -	p += len;
> -
>  	list_for_each(list->next, ent) {
> -		tmp.clear();
> -		ptype = convert_aaregex_to_pcre(ent->value, 0, tmp, &pos);
> +		buffer.append("|");
> +		ptype = convert_aaregex_to_pcre(ent->value, 0, buffer, &pos);
>  		if (ptype == ePatternInvalid)
>  			goto fail;
> -
> -		strncpy(p, "|", size - (p - buffer));
> -		p++;
> -		len = tmp.length();
> -		if (len > size - (p - buffer))
> -			goto fail;
> -		strcpy(p, tmp.c_str());
> -		p += len;
>  	}
> -	strncpy(p, ")", size - (p - buffer));
> -	p++;
> -	if (p > buffer + size)
> -		goto fail;
> +	buffer.append(")");
>  
>  	return TRUE;
>  fail:
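Review bot: build_list_val_expr() now appends to `buffer` where the old code overwrote it, so both the `!list` branch and the opening `(` produce a correct expression only if the caller passes an empty string. The caller changed in this patch does call `typebuf.clear()` first, but nothing in the function states that contract. Either make `buffer.clear();` the first statement, or add a header comment such as `/* appends to buffer; caller must clear it first. On failure buffer is left holding a partial expression. */`. The old `size` bound is also gone, so the generated fstype expression is no longer capped at PATH_MAX+2; it is worth confirming that nothing downstream relied on that cap. The `fail:` body continues outside the hunk.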
> @@ -768,7 +744,7 @@ static int process_mnt_entry(aare_rulese
>  {
>  	std::string mntbuf;
>  	std::string devbuf;
> -	char typebuf[PATH_MAX + 3];
> +	std::string typebuf;
>  	char flagsbuf[PATH_MAX + 3];
>  	std::string optsbuf;
>  	char class_mount_hdr[64];
> @@ -845,7 +821,6 @@ static int process_mnt_entry(aare_rulese
>  	if ((entry->allow & AA_MAY_MOUNT) && (entry->flags & MS_BIND)
>  	    && !entry->dev_type && !entry->opts) {
>  		/* bind mount rules can't be conditional on dev_type or data */
> -		std::string tmpbuf;
>  		/* rule class single byte header */
>  		mntbuf.assign(class_mount_hdr);
>  		if (!convert_entry(mntbuf, entry->mnt_point))
> @@ -855,11 +830,10 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
> -		/* FIXME: when typebuf gets converted to std::string,
> -		 * switch tmpbuf back to typebuf */
> -		if (!convert_entry(tmpbuf, NULL))
> +		typebuf.clear();
> +		if (!convert_entry(typebuf, NULL))
>  			goto fail;
> -		vec[2] = tmpbuf.c_str();
> +		vec[2] = typebuf.c_str();
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
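Review bot: `vec[2] = typebuf.c_str()` stores a pointer into a string that is now declared once at function scope and reused by several branches of process_mnt_entry(), so the next `typebuf.clear()` or append invalidates that pointer. The same pattern appears in the hunks at -923 and -958. The code that consumes `vec` is outside these hunks, so the ordering cannot be checked from here. A comment at the declarations would record the lifetime rule, for example `/* vec[] entries point into mntbuf/devbuf/typebuf; consume vec before any of them is modified again */`. The enclosing function starts and ends outside the hunk.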
> @@ -912,7 +886,6 @@ static int process_mnt_entry(aare_rulese
>  		/* mount move rules can not be conditional on dev_type,
>  		 * or data
>  		 */
> -		std::string tmpbuf;
>  		/* rule class single byte header */
>  		mntbuf.assign(class_mount_hdr);
>  		if (!convert_entry(mntbuf, entry->mnt_point))
> @@ -923,11 +896,10 @@ static int process_mnt_entry(aare_rulese
>  			goto fail;
>  		vec[1] = devbuf.c_str();
>  		/* skip type */
> -		/* FIXME: when typebuf gets converted to std::string,
> -		 * switch tmpbuf back to typebuf */
> -		if (!convert_entry(tmpbuf, NULL))
> +		typebuf.clear();
> +		if (!convert_entry(typebuf, NULL))
>  			goto fail;
> -		vec[2] = tmpbuf.c_str();
> +		vec[2] = typebuf.c_str();
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> @@ -958,9 +930,10 @@ static int process_mnt_entry(aare_rulese
>  		if (!convert_entry(devbuf, entry->device))
>  			goto fail;
>  		vec[1] = devbuf.c_str();
> -		if (!build_list_val_expr(typebuf, PATH_MAX+2, entry->dev_type))
> +		typebuf.clear();
> +		if (!build_list_val_expr(typebuf, entry->dev_type))
>  			goto fail;
> -		vec[2] = typebuf;
> +		vec[2] = typebuf.c_str();
>  
>  		flags = entry->flags;
>  		inv_flags = entry->inv_flags;
> 
> 