parser: fix filter slashes for profile attachments

The parser is failing to properly filter the slashes in the profile attachment after variable expansion. Causing matche failures when multiple slashes occur. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/154 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/727 Reported-by: Mikhail Morfikov <mmorfikov@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: time out
2025-09-01 23:05:11 +00:00 · 2021-03-16 03:44:19 -07:00
parent 71bf9e132f
commit be0d2fa947
2 changed files with 24 additions and 6 deletions
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -468,20 +468,26 @@ static int process_profile_name_xmatch(Profile *prof)
 {
 	std::string tbuf;
 	pattern_t ptype;
-	const char *name;
+	char *name;

 	struct cond_entry *entry;
 	const char *xattr_value;

-	/* don't filter_slashes for profile names */
-	if (prof->attachment)
+	if (prof->attachment) {
 		name = prof->attachment;
-	else
-		name = local_name(prof->name);
+	} else {
+		/* don't filter_slashes for profile names, do on attachment */
+		name = strdup(local_name(prof->name));
+		if (!name)
+			return FALSE;
+	}
+	filter_slashes(name);
 	ptype = convert_aaregex_to_pcre(name, 0, glob_default, tbuf,
 					&prof->xmatch_len);
 	if (ptype == ePatternBasic)
 		prof->xmatch_len = strlen(name);
+	if (!prof->attachment)
+		free(name);

 	if (ptype == ePatternInvalid) {
 		PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name);
@@ -505,6 +511,7 @@ static int process_profile_name_xmatch(Profile *prof)
 			list_for_each(prof->altnames, alt) {
 				int len;
 				tbuf.clear();
+				filter_slashes(alt->name);
 				ptype = convert_aaregex_to_pcre(alt->name, 0,
 								glob_default,
 								tbuf, &len);