mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Merge branch 'cboltz-unbalanced-parenthesis' into 'master'

Browse Source 
Fix crash on unbalanced parenthesis in filename

See merge request apparmor/apparmor!402

Seth Arnold <seth.arnold@canonical.com> for 2.10..master
This commit is contained in:
Christian Boltz 2019-07-09 19:45:08 +00:00
commit db1f391844
5 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.err Normal file
View File

1
libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.in Normal file
View File

@ -0,0 +1 @@
type=AVC msg=audit(1562529588.082:3153): apparmor="DENIED" operation="open" profile="unbalanced_parenthesis" name="/dev/shm/test(me" pid=888 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

15
libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.out Normal file
View File

@ -0,0 +1,15 @@
START
File: unbalanced_parenthesis.in
Event type: AA_RECORD_DENIED
Audit ID: 1562529588.082:3153
Operation: open
Mask: r
Denied Mask: r
fsuid: 1000
ouid: 1000
Profile: unbalanced_parenthesis
Name: /dev/shm/test(me
Command: cat
PID: 888
Epoch: 1562529588
Audit subid: 3153

4
libraries/libapparmor/testsuite/test_multi/unbalanced_parenthesis.profile Normal file
View File

@ -0,0 +1,4 @@
profile unbalanced_parenthesis {
owner /dev/shm/test(me r,
}

3
utils/apparmor/common.py
View File

@ -217,6 +217,9 @@ def hasher():
def convert_regexp(regexp): def convert_regexp(regexp):
regex_paren = re.compile('^(.*){([^}]*)}(.*)$') regex_paren = re.compile('^(.*){([^}]*)}(.*)$')
regexp = regexp.strip() regexp = regexp.strip()
regexp = regexp.replace('(', '\\(').replace(')', '\\)') # escape '(' and ')'
new_reg = re.sub(r'(?<!\\)(\.|\+|\$)', r'\\\1', regexp) new_reg = re.sub(r'(?<!\\)(\.|\+|\$)', r'\\\1', regexp)
while regex_paren.search(new_reg): while regex_paren.search(new_reg):