mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

parser: net_find_af_name: do not assume that address families are consecutive,

Browse Source 
remove unused net_find_af_val function, and network_families array
Merge from trunk commit 2888.

net_find_af_name: do not assume that address families are consecutive

The network_families array is automatically built from AF_NAMES, which is
extracted from the defines in <bits/socket.h>. The code assumes that
network_families is indexed by the AF defines. However, since the
defines are sparse, and the gaps in the array are not packed with
zeroes, the array is shorter than expected, and the indexing is wrong.

When this function was written, the network families that were
covered might well have been consecutive, but this is no longer true:
there's a gap between AF_LLC (26) and AF_CAN (29).

This assumption caused a crash in our testing while parsing the rule
"network raw".

Remove unused net_find_af_val function, and network_families array

Like net_find_af_name, this assumed that AF_* values were consecutive.

Patches from Philip Withnall and Simon McVittie.
This commit is contained in:
Philip Withnall
2015-03-03 12:04:13 -08:00
committed by Steve Beattie
parent 586222c94e
commit 29b0634f34
2 changed files with 9 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
parser/network.c
View File

@@ -321,31 +321,19 @@ struct aa_network_entry *network_entry(const char *family, const char *type,
#define ALL_TYPES 0x43e
/* another case of C++ not supporting non-trivial designated initializers */
#undef AA_GEN_NET_ENT
#define AA_GEN_NET_ENT(name, AF) name, /* [AF] = name, */
static const char *network_families[] = {
#include "af_names.h"
};
int net_find_af_val(const char *af)
{
int i;
for (i = 0; network_families[i]; i++) {
if (strcmp(network_families[i], af) == 0)
return i;
}
return -1;
}
const char *net_find_af_name(unsigned int af)
{
int i;
if (af < 0 || af > get_af_max())
return NULL;
return network_families[af];
for (i = 0; i < sizeof(network_mappings) / sizeof(*network_mappings); i++) {
if (network_mappings[i].family == af)
return network_mappings[i].family_name;
}
return NULL;
}
void __debug_network(unsigned int *array, const char *name)
@@ -375,7 +363,7 @@ void __debug_network(unsigned int *array, const char *name)
for (i = 0; i < af_max; i++) {
if (array[i]) {
const char *fam = network_families[i];
const char *fam = net_find_af_name(i);
if (fam)
printf("%s ", fam);
else

1
parser/network.h
View File

@@ -125,7 +125,6 @@ struct network {
int net_find_type_val(const char *type);
const char *net_find_type_name(int type);
int net_find_af_val(const char *af);
const char *net_find_af_name(unsigned int af);
const struct network_tuple *net_find_mapping(const struct network_tuple *map,
const char *family,