apparmor

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00

History

John Johansen a6691ca53e Merge parser: fix Normalizatin infinite loop Expression simplification can get into an infinite loop due to eps pairs hiding behind and alternation that can't be caught by normalize_eps() (which exists in the first place to stop a similar loop). The loop in question happens in AltNode::normalize when a subtree has the following structure. 1. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ alt eps /\ / \ / \ eps eps 2. if (normalize_eps(dir)) results in alt /\ / \ / \ alt eps /\ / \ / \ alt eps /\ / \ / \ eps eps 3. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ alt alt /\ /\ / \ / \ / \ / \ eps eps eps eps 4. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ eps alt /\ / \ / \ eps eps 5. if (normalize_eps(dir)) results in alt /\ / \ / \ alt eps /\ / \ / \ eps alt /\ / \ / \ eps eps 6. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ alt eps /\ / \ / \ eps eps back to beginning of cycle Fix this by detecting the creation of an eps_pair in rotate_node(), that pair can be immediately eliminated by simplifying the tree in that step. In the above cycle the pair creation is caught at step 3 resulting in 3. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ alt eps /\ / \ / \ eps eps 4. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ eps eps which gets reduced to alt /\ / \ / \ eps eps breaking the normalization loop. The degenerate alt node will be caught in turn when its parent is dealt with. This needs to be backported to all releases Closes: https://gitlab.com/apparmor/apparmor/-/issues/398 Fixes: `846cee506` ("Split out parsing and expression trees from regexp.y") Reported-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com> Closes #398 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1252 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: John Johansen <john@jjmx.net>		2024-06-14 19:39:21 +00:00
..
abi	Add some empty and cut-off bad abi rules	2022-04-17 00:38:18 +02:00
all	parser: add support for a generic all rule type	2023-09-07 01:30:15 -07:00
bare_include_tests	parser tests: add include in preamble tests	2020-05-05 00:30:18 -07:00
capability	treewide: spelling/typo fixes in comments and docs	2020-12-01 12:47:11 -08:00
change_hat	as ACKed on IRC, drop the unused $Id$ tags everywhere	2010-12-20 12:29:10 -08:00
change_profile	Fix: make sure overlapping safe and unsafe exec rules conflict	2016-06-02 22:24:22 -07:00
conditional	treewide: spelling/typo fixes in comments and docs	2020-12-01 12:47:11 -08:00
dbus	Add some simple_tests ("deny dbus name=(SomeService)," and "deny file,")	2016-01-07 23:39:56 +01:00
file	treewide: spelling/typo fixes in comments and docs	2020-12-01 12:47:11 -08:00
include_tests	Add a test with recursive include in preamble	2021-04-28 13:32:08 +02:00
includes	Add a test with recursive include in preamble	2021-04-28 13:32:08 +02:00
includes-preamble	Move preamble inclusions to a different directory since it was breaking	2008-11-25 19:05:40 +00:00
io_uring	parser: add io_uring simple tests	2023-05-03 16:03:52 +02:00
mount	MountRule: Add support for empty ("") source	2024-06-09 23:09:05 +02:00
mqueue	parser: add parser simple tests for mqueue rules	2022-11-22 19:31:15 +00:00
namespaces	parser tests: add userns simple tests	2022-10-27 17:54:42 +00:00
network	Merge parser: add network inet mediation documentation to apparmor.d	2024-04-12 03:46:23 +00:00
profile	parser: add error=EXX flag support	2024-04-15 16:32:16 -03:00
ptrace	Add tests for various rules outside of a profile	2015-10-19 21:13:48 +02:00
regressions	parser: fix Normalizatin infinite loop	2024-06-14 07:00:47 -07:00
rewrite	parse_profile_data(): error out on alias inside profile	2018-05-06 14:27:32 +02:00
rlimits	treewide: spelling/typo fixes in comments and docs	2020-12-01 12:47:11 -08:00
signal	Add tests for various rules outside of a profile	2015-10-19 21:13:48 +02:00
unix	parser: add support for autobind sockets	2020-09-29 03:34:56 -07:00
vars	Remove TODO notes from no-longer-failing tests	2018-08-22 22:24:43 +02:00
xattrs	parser: support matching xattr keys but not values	2019-11-26 21:32:08 -08:00
xtrans	Remove TODO notes from no-longer-failing tests	2018-08-22 22:24:43 +02:00
readme	Add missing files from my last 11 patches as I forgot to do bzr add before	2010-12-20 13:18:36 -08:00

readme

Directory for auto generated x-transition tests