[apparmor] [PATCH] [parsers] allow for nested alternations expressions

John Johansen john.johansen at canonical.com
Thu Sep 5 19:55:06 UTC 2013


allow for nested alternations in regex patterns

Currently alternations are limited to a single level, make it so we can
nest alternations.

Note: this is a temporary solution to the problem. Long term this routine
to convert to pcre will go away when native parsing of aare is added to
the backend.

Signed-off-by: John Johansen <john.johansen at canonical.com>

=== modified file 'documentation/AppArmor Develper 1 - Kernel Notes.odt'
Binary files documentation/AppArmor Develper 1 - Kernel Notes.odt	2013-05-02 17:57:23 +0000 and documentation/AppArmor Develper 1 - Kernel Notes.odt	2013-08-20 22:30:41 +0000 differ
=== modified file 'documentation/AppArmor Policy.odt'
Binary files documentation/AppArmor Policy.odt	2013-06-14 19:35:51 +0000 and documentation/AppArmor Policy.odt	2013-07-26 13:10:32 +0000 differ
=== modified file 'parser/parser_regex.c'
--- parser/parser_regex.c	2013-07-31 16:05:51 +0000
+++ parser/parser_regex.c	2013-09-05 19:47:59 +0000
@@ -91,7 +91,7 @@
 		_dest += _len; \
 	}
 #define update_re_pos(X) if (!(*first_re_pos)) { *first_re_pos = (X); }
-
+#define MAX_ALT_DEPTH 50
 	*first_re_pos = 0;
 
 	int ret = TRUE;
@@ -105,6 +105,7 @@
 	BOOL bEscape = 0;	/* flag to indicate escape */
 	int ingrouping = 0;	/* flag to indicate {} context */
 	int incharclass = 0;	/* flag to indicate [ ] context */
+	int grouping_count[MAX_ALT_DEPTH];
 
 	error = e_no_error;
 	ptype = ePatternBasic;	/* assume no regex */
@@ -244,13 +245,14 @@
 				/* { is a PCRE special character */
 				STORE("\\{", dptr, 2);
 			} else {
-				if (ingrouping) {
+				update_re_pos(sptr - aare);
+				ingrouping++;
+				if (ingrouping >= MAX_ALT_DEPTH) {
 					error = e_parse_error;
-					PERROR(_("%s: Illegal open {, nesting groupings not allowed\n"),
-					       progname);
+					PERROR(_("%s: Regex grouping error: Exceeded maximum nesting of {}\n"), progname);
+
 				} else {
-					update_re_pos(sptr - aare);
-					ingrouping = 1;
+					grouping_count[ingrouping] = 0;
 					ptype = ePatternRegex;
 					STORE("(", dptr, 1);
 				}
@@ -262,24 +264,18 @@
 				/* { is a PCRE special character */
 				STORE("\\}", dptr, 2);
 			} else {
-				if (ingrouping <= 1) {
-
-					error = e_parse_error;
-
-					if (ingrouping == 1) {
-						PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"),
-						       progname);
-
-						ingrouping = 0;	/* prevent further errors */
-
-					} else {	/* ingrouping == 0 */
-						PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"),
-						       progname);
-					}
-				} else {	/* ingrouping > 1 */
+				if (grouping_count[ingrouping] == 0) {
+					error = e_parse_error;
+					PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"), progname);
+
+				}
+				ingrouping--;
+				if (ingrouping < 0) {
+					error = e_parse_error;
+					PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"), progname);
 					ingrouping = 0;
-					STORE(")", dptr, 1);
 				}
+				STORE(")", dptr, 1);
 			}	/* bEscape */
 
 			break;
@@ -293,7 +289,7 @@
 				STORE(sptr, dptr, 1);
 			} else {
 				if (ingrouping) {
-					++ingrouping;
+					grouping_count[ingrouping]++;
 					STORE("|", dptr, 1);
 				} else {
 					STORE(sptr, dptr, 1);




More information about the AppArmor mailing list