Currently the parser does escape processing in multiple places, this can result in failures if not handled properly

The lexer front end currently incorrectly processes the \000 \x00 \d00 escape sequence resulting in a null character being embedded in the processed string, this results in the string not being full processed later. The aare to pcre regex conversion fn also incorrectly strips out the \00, and any other escape sequence it doesn't know about, resulting in incorrect strings being passed to the backend. Fix this by passing through any valid escape sequence that is not handled by the fn. this is a partial fix for Bug: http://bugs.launchpad.net/bugs/1413410 Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-03-04 16:35:02 +01:00 · 2015-01-29 14:54:08 -08:00 · 2015-01-29 14:54:08 -08:00 · 03d7c37650
commit 03d7c37650
parent 024e7ddf41
2 changed files with 28 additions and 7 deletions
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@ -243,7 +243,10 @@ char *processunquoted(const char *string, int len)
 			 * pass it through to be handled by the backend
 			 * pcre conversion
 			 */
-			if (strchr("*?[]{}^,\\", c) != NULL) {
+			if (c == 0) {
+				strncpy(s, string, pos - string);
+				s += pos - string;
+			} else if (strchr("*?[]{}^,\\", c) != NULL) {
 				*s++ = '\\';
 				*s++ = c;
 			} else
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@ -29,6 +29,7 @@

 /* #define DEBUG */

+#include "lib.h"
 #include "parser.h"
 #include "profile.h"
 #include "libapparmor_re/apparmor_re.h"
@ -342,12 +343,26 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,

 		default:
 			if (bEscape) {
-				/* quoting mark used for something that
-				 * does not need to be quoted; give a warning */
-				pwarn("Character %c was quoted unnecessarily, "
-				      "dropped preceding quote ('\\') character\n", *sptr);
-			}
-			pcre.append(1, *sptr);
+				const char *pos = sptr;
+				int c;
+				if ((c = str_escseq(&pos, "")) != -1) {
+					/* valid escape we don't want to
+					 * interpret here */
+					pcre.append("\\");
+					pcre.append(sptr, pos - sptr);
+					sptr += (pos - sptr) - 1;
+				} else {
+					/* quoting mark used for something that
+					 * does not need to be quoted; give a
+					 * warning */
+					pwarn("Character %c was quoted "
+					      "unnecessarily, dropped preceding"
+					      " quote ('\\') character\n",
+					      *sptr);
+					pcre.append(1, *sptr);
+				}
+			} else
+				pcre.append(1, *sptr);
 			break;
 		}	/* switch (*sptr) */

@ -927,6 +942,9 @@ static int test_aaregex_to_pcre(void)
 	MY_REGEX_TEST("\\\\|", "\\\\\\|", ePatternBasic);
 	MY_REGEX_TEST("\\\\(", "\\\\\\(", ePatternBasic);
 	MY_REGEX_TEST("\\\\)", "\\\\\\)", ePatternBasic);
+	MY_REGEX_TEST("\\000", "\\000", ePatternBasic);
+	MY_REGEX_TEST("\\x00", "\\x00", ePatternBasic);
+	MY_REGEX_TEST("\\d000", "\\d000", ePatternBasic);

 	/* more complicated character class tests */
 	/*   -- embedded alternations */