On Wed, Aug 27, 2014 at 05:01:45PM -0500, Tyler Hicks wrote: > The writeu16() function was outputting unescaped byte sequences to the > rule buffer. That resulted the generation of in an incomplete rule if > one of those unescaped byte sequences contained 0x00. > > This patch uses u8 pointers, instead of char pointers, when writing out > the big endian u16 value. More importantly, it casts the u8 values to > unsigned ints, which is what's needed to get the properly escaped byte > sequences. > > Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks > --- > > Before: > > $ echo "/t { unix (connect,read,write) type=stream, }" | apparmor_parser > -qQD dfa-states > {1} <== (allow/deny/audit/quiet) > {2} (0x 4/0/0/0) > {3} (0x 4/0/0/0) > {5} (0x 46/0/0/0) > > {1} -> {2}: 0x2 > {1} -> {3}: 0x4 > {1} -> {2}: 0x7 > {1} -> {2}: 0x9 > {1} -> {2}: 0xa > {1} -> {2}: 0x20 \ > {1} -> {4}: 0x34 4 > {3} (0x 4/0/0/0) -> {5}: 0x0 > {4} -> {6}: 0x0 > {6} -> {2}: 0x31 1 > > > After (the next patch fixes the pointer values that are being written out): > > $ echo "/t { unix (connect,read,write) type=stream, }" | apparmor_parser > -qQD dfa-states > {1} <== (allow/deny/audit/quiet) > {2} (0x 4/0/0/0) > {3} (0x 4/0/0/0) > {43} (0x 46/0/0/0) > {44} (0x 46/0/0/0) > > {1} -> {2}: 0x2 > {1} -> {3}: 0x4 > {1} -> {2}: 0x7 > {1} -> {2}: 0x9 > {1} -> {2}: 0xa > {1} -> {2}: 0x20 \ > {1} -> {4}: 0x34 4 > {3} (0x 4/0/0/0) -> {5}: 0x0 > {4} -> {6}: 0x0 > {5} -> {7}: 0x1 > {6} -> {2}: 0x31 1 > {7} -> {8}: 0x30 0 > {8} -> {9}: 0x78 x > {9} -> {10}: 0x37 7 > {10} -> {11}: 0x66 f > {11} -> {12}: 0x66 f > {12} -> {13}: 0x66 f > {13} -> {14}: 0x31 1 > {14} -> {15}: 0x30 0 > {15} -> {16}: 0x34 4 > {16} -> {17}: 0x66 f > {17} -> {18}: 0x33 3 > {18} -> {19}: 0x35 5 > {19} -> {20}: 0x31 1 > {20} -> {21}: 0x38 8 > {21} -> {22}: 0x0 > {22} -> {23}: 0x1 > {23} -> {24}: 0x30 0 > {24} -> {25}: 0x78 x > {25} -> {26}: 0x37 7 > {26} -> {27}: 0x66 f > {27} -> {28}: 0x66 f > {28} -> {29}: 0x66 f > {29} -> {30}: 0x31 1 > {30} -> {31}: 0x30 0 > {31} -> {32}: 0x34 4 > {32} -> {33}: 0x66 f > {33} -> {34}: 0x33 3 > {34} -> {35}: 0x35 5 > {35} -> {36}: 0x31 1 > {36} -> {37}: 0x38 8 > {37} -> {38}: [] > {38} -> {39}: [] > {39} -> {40}: 0x0 > {39} -> {39}: [] > {40} -> {40}: 0x0 > {40} -> {41}: 0x1 > {40} -> {39}: [] > {41} -> {42}: 0x0 > {41} -> {39}: [] > {42} -> {40}: 0x0 > {42} -> {44}: 0x1 > {42} -> {43}: [] > {43} (0x 46/0/0/0) -> {40}: 0x0 > {43} (0x 46/0/0/0) -> {43}: [] > {44} (0x 46/0/0/0) -> {42}: 0x0 > {44} (0x 46/0/0/0) -> {43}: [] > > parser/af_unix.cc | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/parser/af_unix.cc b/parser/af_unix.cc > index 34b93a4..7f6c0d0 100644 > --- a/parser/af_unix.cc > +++ b/parser/af_unix.cc > @@ -192,9 +192,11 @@ static void warn_once(const char *name) > std::ostringstream &writeu16(std::ostringstream &o, int v) > { > u16 tmp = htobe16((u16) v); > - char *c = (char *) &tmp; > - o << "\\x" << std::setfill('0') << std::setw(2) << std::hex << *c++; > - o << "\\x" << std::setfill('0') << std::setw(2) << std::hex << *c; > + u8 *byte1 = (u8 *)&tmp; > + u8 *byte2 = byte1 + 1; > + > + o << "\\x" << std::setfill('0') << std::setw(2) << std::hex << > static_cast<unsigned int>(*byte1); > + o << "\\x" << std::setfill('0') << std::setw(2) << std::hex << > static_cast<unsigned int>(*byte2); > return o; > } > > -- > 2.1.0 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
