From 8f74ac02ca362d262df3c71ecdb6c6f1566cf7ed Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 7 Jul 2019 22:24:12 +0200
Subject: [PATCH] Fix crash on unbalanced parenthesis in filename convert_regexp() needs to escape '(' and ')' in filenames taken from a logfile to get rid of their special meaning, and to avoid a crash on unbalanced parenthesis (which makes the regex invalid if they are not escaped). Note: The added tests include an example log line, but the tests itsself don't/didn't trigger the crash because they don't call convert_regexp(). Fixes: https://bugs.launchpad.net/bugs/1835311
---
.../test_multi/unbalanced_parenthesis.err | 0
.../test_multi/unbalanced_parenthesis.in | 1 +
.../test_multi/unbalanced_parenthesis.out | 15 +++++++++++++++
.../test_multi/unbalanced_parenthesis.profile | 4 ++++
utils/apparmor/common.py | 3 +++
5 files changed, 23 insertions(+)
create mode 100644 libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.err
create mode 100644 libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.in
create mode 100644 libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.out
create mode 100644 libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.profile
diff --git a/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.err b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.in b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.in
new file mode 100644
index 000000000..7c265aca2
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1562529588.082:3153): apparmor="DENIED" operation="open" profile="unbalanced_parenthesis" name="/dev/shm/test(me" pid=888 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
diff --git a/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.out b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.out
new file mode 100644
index 000000000..6d224e3dd
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.out
@@ -0,0 +1,15 @@
+START
+File: unbalanced_parenthesis.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1562529588.082:3153
+Operation: open
+Mask: r
+Denied Mask: r
+fsuid: 1000
+ouid: 1000
+Profile: unbalanced_parenthesis
+Name: /dev/shm/test(me
+Command: cat
+PID: 888
+Epoch: 1562529588
+Audit subid: 3153
diff --git a/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.profile b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.profile
new file mode 100644
index 000000000..ecd665356
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.profile
@@ -0,0 +1,4 @@
+profile unbalanced_parenthesis {
+ owner /dev/shm/test(me r,
+
+}
diff --git a/utils/apparmor/common.py b/utils/apparmor/common.py
index 5abfec784..1091e1999 100644
--- a/utils/apparmor/common.py
+++ b/utils/apparmor/common.py
@@ -217,6 +217,9 @@ def hasher(): def convert_regexp(regexp): regex_paren = re.compile('^(.*){([^}]*)}(.*)$') regexp = regexp.strip() + + regexp = regexp.replace('(', '\\(').replace(')', '\\)') # escape '(' and ')' + new_reg = re.sub(r'(?