[apparmor] [PATCH] [parsers] allow for nested alternations expressions
John Johansen
john.johansen at canonical.com
Thu Sep 5 19:55:06 UTC 2013
allow for nested alternations in regex patterns
Currently alternations are limited to a single level, make it so we can
nest alternations.
Note: this is a temporary solution to the problem. Long term this routine
to convert to pcre will go away when native parsing of aare is added to
the backend.
Signed-off-by: John Johansen <john.johansen at canonical.com>
=== modified file 'documentation/AppArmor Develper 1 - Kernel Notes.odt'
Binary files documentation/AppArmor Develper 1 - Kernel Notes.odt 2013-05-02 17:57:23 +0000 and documentation/AppArmor Develper 1 - Kernel Notes.odt 2013-08-20 22:30:41 +0000 differ
=== modified file 'documentation/AppArmor Policy.odt'
Binary files documentation/AppArmor Policy.odt 2013-06-14 19:35:51 +0000 and documentation/AppArmor Policy.odt 2013-07-26 13:10:32 +0000 differ
=== modified file 'parser/parser_regex.c'
--- parser/parser_regex.c 2013-07-31 16:05:51 +0000
+++ parser/parser_regex.c 2013-09-05 19:47:59 +0000
@@ -91,7 +91,7 @@
_dest += _len; \
}
#define update_re_pos(X) if (!(*first_re_pos)) { *first_re_pos = (X); }
-
+#define MAX_ALT_DEPTH 50
*first_re_pos = 0;
int ret = TRUE;
@@ -105,6 +105,7 @@
BOOL bEscape = 0; /* flag to indicate escape */
int ingrouping = 0; /* flag to indicate {} context */
int incharclass = 0; /* flag to indicate [ ] context */
+ int grouping_count[MAX_ALT_DEPTH];
error = e_no_error;
ptype = ePatternBasic; /* assume no regex */
@@ -244,13 +245,14 @@
/* { is a PCRE special character */
STORE("\\{", dptr, 2);
} else {
- if (ingrouping) {
+ update_re_pos(sptr - aare);
+ ingrouping++;
+ if (ingrouping >= MAX_ALT_DEPTH) {
error = e_parse_error;
- PERROR(_("%s: Illegal open {, nesting groupings not allowed\n"),
- progname);
+ PERROR(_("%s: Regex grouping error: Exceeded maximum nesting of {}\n"), progname);
+
} else {
- update_re_pos(sptr - aare);
- ingrouping = 1;
+ grouping_count[ingrouping] = 0;
ptype = ePatternRegex;
STORE("(", dptr, 1);
}
@@ -262,24 +264,18 @@
/* { is a PCRE special character */
STORE("\\}", dptr, 2);
} else {
- if (ingrouping <= 1) {
-
- error = e_parse_error;
-
- if (ingrouping == 1) {
- PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"),
- progname);
-
- ingrouping = 0; /* prevent further errors */
-
- } else { /* ingrouping == 0 */
- PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"),
- progname);
- }
- } else { /* ingrouping > 1 */
+ if (grouping_count[ingrouping] == 0) {
+ error = e_parse_error;
+ PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"), progname);
+
+ }
+ ingrouping--;
+ if (ingrouping < 0) {
+ error = e_parse_error;
+ PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"), progname);
ingrouping = 0;
- STORE(")", dptr, 1);
}
+ STORE(")", dptr, 1);
} /* bEscape */
break;
@@ -293,7 +289,7 @@
STORE(sptr, dptr, 1);
} else {
if (ingrouping) {
- ++ingrouping;
+ grouping_count[ingrouping]++;
STORE("|", dptr, 1);
} else {
STORE(sptr, dptr, 1);
More information about the AppArmor
mailing list