mode strings overlap with other potential commands, or strings, and as currently written can be match as a leading substring of an ID. Eliminate the leading substring case by requiring that for a mode string to be recognized it must be terminated by whitespace, eol, eof, or comma (end of rule).
The other cases where modes string overlap are ambiguous and the ID should be quoted to remove the ambiguity. Signed-off-by: John Johansen <[email protected]> --- parser/parser_lex.l | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/parser/parser_lex.l b/parser/parser_lex.l index fc787c2..3118d17 100644 --- a/parser/parser_lex.l +++ b/parser/parser_lex.l @@ -175,9 +175,9 @@ SLASH \/ COLON : END_OF_RULE [,] RANGE - -MODE_CHARS ([RrWwaLlMmkXx])|(([Pp]|[Cc])[Xx])|(([Pp]|[Cc])?([IiUu])[Xx]) -MODES {MODE_CHARS}+ WS [[:blank:]] +MODE_CHARS ([RrWwaLlMmkXx])|(([Pp]|[Cc])[Xx])|(([Pp]|[Cc])?([IiUu])[Xx]) +MODES ({MODE_CHARS}+) NUMBER [[:digit:]]+ ID [^ \t\n"!,]|(,[^ \t\n"!]) LIST_VALUE_ID [^ \t\n"!,()]|([^ \t\n"!(),]) @@ -506,7 +506,7 @@ LT_EQUAL <= return TOK_ID; } -{MODES} { +({MODES})/({WS}|{END_OF_RULE}|[\n]) { DUMP_PREPROCESS; yylval.mode = strdup(yytext); PDEBUG("Found modes: %s\n", yylval.mode); -- 1.7.7.3 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
