mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Require matched mode strings to terminate

Browse Source 
mode strings overlap with other potential commands, or strings, and as
currently written can be match as a leading substring of an ID.  Eliminate
the leading substring case by requiring that for a mode string to be
recognized it must be terminated by whitespace, eol, eof, or
comma (end of rule).

The other cases where modes string overlap are ambiguous and the ID should
be quoted to remove the ambiguity.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
This commit is contained in:
John Johansen 2012-02-16 07:56:53 -08:00
parent def8c20168
commit 8a3edd677c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
parser/parser_lex.l
View File

@ -540,7 +540,7 @@ LT_EQUAL <=
return TOK_ID; return TOK_ID;
} }
{MODES} { ({MODES})/([[:space:],]) {
DUMP_PREPROCESS; DUMP_PREPROCESS;
yylval.mode = strdup(yytext); yylval.mode = strdup(yytext);
PDEBUG("Found modes: %s\n", yylval.mode); PDEBUG("Found modes: %s\n", yylval.mode);