mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

Fix a missing case in the pcre-expression parsing "\\"

Browse Source 
Change the globbing conversion to include [^\x00].  This reduces cases of
artifical overlap between globbing rules, and link rules.  Link rules
are encoded to use a \0 char to seperate the 2 match parts of the rule.

Before this fix a glob * or ** could match against the \0 seperator
resulting the generation of dfa states for that overlap.  This of course
can never happen as \0 is not a valid path name character.

In one example stress policy when adding the rule
  owner /** rwl,
this change made the difference between having a dfa with 55152 states
and one with 30019
This commit is contained in:
John Johansen
2008-12-04 10:44:02 +00:00
parent 037d7b5a57
commit 5148942b90
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
parser/parser_regex.c
View File

@@ -212,7 +212,7 @@ static pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,
while (*s == '*')
s++;
if (*s == '/' || !*s) {
STORE("[^/]", dptr, 4);
STORE("[^/\\x00]", dptr, 8);
}
}
if (*(sptr + 1) == '*') {
@@ -229,11 +229,11 @@ static pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,
ptype = ePatternRegex;
}
STORE(".*", dptr, 2);
STORE("[^\\x00]*", dptr, 8);
sptr++;
} else {
ptype = ePatternRegex;
STORE("[^/]*", dptr, 5);
STORE("[^/\\x00]*", dptr, 9);
} /* *(sptr+1) == '*' */
} /* bEscape */
@@ -248,7 +248,7 @@ static pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,
STORE(sptr, dptr, 1);
} else {
ptype = ePatternRegex;
STORE("[^/]", dptr, 4);
STORE("[^/\\x00]", dptr, 8);
}
break;