diff --git a/parser/libapparmor_re/chfa.cc b/parser/libapparmor_re/chfa.cc index f6e103681..b340c5130 100644 --- a/parser/libapparmor_re/chfa.cc +++ b/parser/libapparmor_re/chfa.cc @@ -25,6 +25,8 @@ #include #include +#include + #include #include #include @@ -587,10 +589,11 @@ void CHFA::weld_file_to_policy(CHFA &file_chfa, size_t &new_start, // to repeat assert(accept.size() == old_base_size); accept.resize(accept.size() + file_chfa.accept.size()); - size_t size = policy_perms.size(); + assert(policy_perms.size() < std::numeric_limits::max()); + ssize_t size = (ssize_t) policy_perms.size(); policy_perms.resize(size*2 + file_perms.size()); // shift and double the policy perms - for (size_t i = size - 1; size >= 0; i--) { + for (ssize_t i = size - 1; i >= 0; i--) { policy_perms[i*2] = policy_perms[i]; policy_perms[i*2 + 1] = policy_perms[i]; } diff --git a/parser/mount.cc b/parser/mount.cc index 3a966a82a..80f1e3bc4 100644 --- a/parser/mount.cc +++ b/parser/mount.cc @@ -349,7 +349,8 @@ int is_valid_mnt_cond(const char *name, int src) static unsigned int extract_flags(struct value_list **list, unsigned int *inv) { unsigned int flags = 0, invflags = 0; - *inv = 0; + if (inv) + *inv = 0; struct value_list *entry, *tmp, *prev = NULL; list_for_each_safe(*list, entry, tmp) { @@ -362,11 +363,7 @@ static unsigned int extract_flags(struct value_list **list, unsigned int *inv) " => req: 0x%x inv: 0x%x\n", entry->value, mnt_opts_table[i].set, mnt_opts_table[i].clear, flags, invflags); - if (prev) - prev->next = tmp; - if (entry == *list) - *list = tmp; - entry->next = NULL; + list_remove_at(*list, prev, entry); free_value_list(entry); } else prev = entry; diff --git a/parser/parser.h b/parser/parser.h index 67322e37e..4c342a8d6 100644 --- a/parser/parser.h +++ b/parser/parser.h @@ -242,17 +242,6 @@ do { \ len; \ }) -#define list_find_prev(LIST, ENTRY) \ -({ \ - typeof(ENTRY) tmp, prev = NULL; \ - list_for_each((LIST), tmp) { \ - if (tmp == (ENTRY)) \ - break; \ - prev = tmp; \ - } \ - prev; \ -}) - #define list_pop(LIST) \ ({ \ typeof(LIST) _entry = (LIST); \ @@ -270,12 +259,6 @@ do { \ (LIST) = (ENTRY)->next; \ (ENTRY)->next = NULL; \ -#define list_remove(LIST, ENTRY) \ -do { \ - typeof(ENTRY) prev = list_find_prev((LIST), (ENTRY)); \ - list_remove_at((LIST), prev, (ENTRY)); \ -} while (0) - #define DUP_STRING(orig, new, field, fail_target) \ do { \ diff --git a/parser/parser_alias.c b/parser/parser_alias.c index 827128e87..635f8c880 100644 --- a/parser/parser_alias.c +++ b/parser/parser_alias.c @@ -142,8 +142,10 @@ static void process_entries(const void *nodep, VISIT value, int level unused) } if (dup) { dup->alias_ignore = true; - /* adds to the front of the list, list iteratition - * will skip it + /* The original entry->next is in dup->next, so we don't lose + * any of the original elements of the linked list. Also, by + * setting dup->alias_ignore, we trigger the check at the start + * of the loop, skipping the new entry we just inserted. */ entry->next = dup;