Merge Small fixset 2 for parser code nits

Signed-off-by: Ryan Lee <ryan.lee@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1422 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-08-22 18:17:09 +00:00 · 2024-11-15 00:31:57 +00:00 · 2024-11-15 00:31:57 +00:00 · 48bf4d1df9
commit 48bf4d1df9
parent 95c648c0d2 ae5a16bfd1
4 changed files with 12 additions and 27 deletions
--- a/parser/libapparmor_re/chfa.cc
+++ b/parser/libapparmor_re/chfa.cc
@ -25,6 +25,8 @@
 #include <iostream>
 #include <fstream>
 #include <limits>
 #include <arpa/inet.h>
 #include <stdio.h>
 #include <string.h>
@ -587,10 +589,11 @@ void CHFA::weld_file_to_policy(CHFA &file_chfa, size_t &new_start,
 		//           to repeat
 		assert(accept.size() == old_base_size);
 		accept.resize(accept.size() + file_chfa.accept.size());
-		size_t size = policy_perms.size();
+		assert(policy_perms.size() < std::numeric_limits<ssize_t>::max());
 		ssize_t size = (ssize_t) policy_perms.size();
 		policy_perms.resize(size*2 + file_perms.size());
 		// shift and double the policy perms
-		for (size_t i = size - 1; size >= 0; i--) {
+		for (ssize_t i = size - 1; i >= 0; i--) {
 			policy_perms[i*2] = policy_perms[i];
 			policy_perms[i*2 + 1] = policy_perms[i];
 		}
--- a/parser/mount.cc
+++ b/parser/mount.cc
@ -349,7 +349,8 @@ int is_valid_mnt_cond(const char *name, int src)
 static unsigned int extract_flags(struct value_list **list, unsigned int *inv)
 {
 	unsigned int flags = 0, invflags = 0;
-	*inv = 0;
+	if (inv)
 		*inv = 0;
 	struct value_list *entry, *tmp, *prev = NULL;
 	list_for_each_safe(*list, entry, tmp) {
@ -362,11 +363,7 @@ static unsigned int extract_flags(struct value_list **list, unsigned int *inv)
 			       " => req: 0x%x inv: 0x%x\n",
 			       entry->value, mnt_opts_table[i].set,
 			       mnt_opts_table[i].clear, flags, invflags);
-			if (prev)
+			list_remove_at(*list, prev, entry);
 				prev->next = tmp;
 			if (entry == *list)
 				*list = tmp;
 			entry->next = NULL;
 			free_value_list(entry);
 		} else
 			prev = entry;
--- a/parser/parser.h
+++ b/parser/parser.h
@ -242,17 +242,6 @@ do {						\
 	len;			\
 })
 #define list_find_prev(LIST, ENTRY)	\
 ({					\
 	typeof(ENTRY) tmp, prev = NULL;	\
 	list_for_each((LIST), tmp) {	\
 		if (tmp == (ENTRY))	\
 			break;		\
 		prev = tmp;		\
 	}				\
 	prev;				\
 })
 #define list_pop(LIST)				\
 ({						\
 	typeof(LIST) _entry = (LIST);		\
@ -270,12 +259,6 @@ do {						\
 		(LIST) = (ENTRY)->next;				\
 	(ENTRY)->next = NULL;					\
 #define list_remove(LIST, ENTRY)				\
 do {								\
 	typeof(ENTRY) prev = list_find_prev((LIST), (ENTRY));	\
 	list_remove_at((LIST), prev, (ENTRY));			\
 } while (0)
 #define DUP_STRING(orig, new, field, fail_target) \
 	do {									\
--- a/parser/parser_alias.c
+++ b/parser/parser_alias.c
@ -142,8 +142,10 @@ static void process_entries(const void *nodep, VISIT value, int level unused)
 		}
 		if (dup) {
 			dup->alias_ignore = true;
-			/* adds to the front of the list, list iteratition
+			/* The original entry->next is in dup->next, so we don't lose
-			 * will skip it
+			 * any of the original elements of the linked list. Also, by
 			 * setting dup->alias_ignore, we trigger the check at the start
 			 * of the loop, skipping the new entry we just inserted.
 			 */
 			entry->next = dup;