[apparmor] [PATCH] [parsers] allow for nested alternations expressions
John Johansen
john.johansen at canonical.com
Fri Sep 27 14:10:48 UTC 2013
On 09/05/2013 12:55 PM, John Johansen wrote:
> allow for nested alternations in regex patterns
>
> Currently alternations are limited to a single level, make it so we can
> nest alternations.
>
> Note: this is a temporary solution to the problem. Long term this routine
> to convert to pcre will go away when native parsing of aare is added to
> the backend.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
ping, or I'll commit
>
> === modified file 'documentation/AppArmor Develper 1 - Kernel Notes.odt'
> Binary files documentation/AppArmor Develper 1 - Kernel Notes.odt 2013-05-02 17:57:23 +0000 and documentation/AppArmor Develper 1 - Kernel Notes.odt 2013-08-20 22:30:41 +0000 differ
> === modified file 'documentation/AppArmor Policy.odt'
> Binary files documentation/AppArmor Policy.odt 2013-06-14 19:35:51 +0000 and documentation/AppArmor Policy.odt 2013-07-26 13:10:32 +0000 differ
> === modified file 'parser/parser_regex.c'
> --- parser/parser_regex.c 2013-07-31 16:05:51 +0000
> +++ parser/parser_regex.c 2013-09-05 19:47:59 +0000
> @@ -91,7 +91,7 @@
> _dest += _len; \
> }
> #define update_re_pos(X) if (!(*first_re_pos)) { *first_re_pos = (X); }
> -
> +#define MAX_ALT_DEPTH 50
> *first_re_pos = 0;
>
> int ret = TRUE;
> @@ -105,6 +105,7 @@
> BOOL bEscape = 0; /* flag to indicate escape */
> int ingrouping = 0; /* flag to indicate {} context */
> int incharclass = 0; /* flag to indicate [ ] context */
> + int grouping_count[MAX_ALT_DEPTH];
>
> error = e_no_error;
> ptype = ePatternBasic; /* assume no regex */
> @@ -244,13 +245,14 @@
> /* { is a PCRE special character */
> STORE("\\{", dptr, 2);
> } else {
> - if (ingrouping) {
> + update_re_pos(sptr - aare);
> + ingrouping++;
> + if (ingrouping >= MAX_ALT_DEPTH) {
> error = e_parse_error;
> - PERROR(_("%s: Illegal open {, nesting groupings not allowed\n"),
> - progname);
> + PERROR(_("%s: Regex grouping error: Exceeded maximum nesting of {}\n"), progname);
> +
> } else {
> - update_re_pos(sptr - aare);
> - ingrouping = 1;
> + grouping_count[ingrouping] = 0;
> ptype = ePatternRegex;
> STORE("(", dptr, 1);
> }
> @@ -262,24 +264,18 @@
> /* { is a PCRE special character */
> STORE("\\}", dptr, 2);
> } else {
> - if (ingrouping <= 1) {
> -
> - error = e_parse_error;
> -
> - if (ingrouping == 1) {
> - PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"),
> - progname);
> -
> - ingrouping = 0; /* prevent further errors */
> -
> - } else { /* ingrouping == 0 */
> - PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"),
> - progname);
> - }
> - } else { /* ingrouping > 1 */
> + if (grouping_count[ingrouping] == 0) {
> + error = e_parse_error;
> + PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"), progname);
> +
> + }
> + ingrouping--;
> + if (ingrouping < 0) {
> + error = e_parse_error;
> + PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"), progname);
> ingrouping = 0;
> - STORE(")", dptr, 1);
> }
> + STORE(")", dptr, 1);
> } /* bEscape */
>
> break;
> @@ -293,7 +289,7 @@
> STORE(sptr, dptr, 1);
> } else {
> if (ingrouping) {
> - ++ingrouping;
> + grouping_count[ingrouping]++;
> STORE("|", dptr, 1);
> } else {
> STORE(sptr, dptr, 1);
>
>
More information about the AppArmor
mailing list