[libsepol] Fix libsepol.stack messages in audit2allow/audit2why
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Jan 8 18:36:25 UTC 2013
commit 5a38f90989b286a84b66dc03512c9139544fa61f
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jan 8 13:35:56 2013 -0500
Fix libsepol.stack messages in audit2allow/audit2why
tmp.patch | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 98 insertions(+), 0 deletions(-)
---
diff --git a/tmp.patch b/tmp.patch
new file mode 100644
index 0000000..41ebb90
--- /dev/null
+++ b/tmp.patch
@@ -0,0 +1,98 @@
+commit 541cb790e1e6ce666c4deb6ebac3212f1bc8f289
+Author: Eric Paris <eparis at redhat.com>
+Date: Tue Jan 8 11:42:21 2013 -0500
+
+ start fixing stuff
+
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index 9b42d8d..23cef4c 100644
+--- a/libsepol/src/services.c
++++ b/libsepol/src/services.c
+@@ -47,7 +47,6 @@
+ #define REASON_BUF_SIZE 30000
+ /* The maximum size of each malloc'd expression buffer */
+ #define EXPR_BUF_SIZE 1000
+-/* Number expressions in a constraint - max seen in MLS policy is 21 */
+ #define EXPR_BUFFERS 30
+
+ #include <stdlib.h>
+@@ -79,27 +78,42 @@ static sidtab_t mysidtab, *sidtab = &mysidtab;
+ static policydb_t mypolicydb, *policydb = &mypolicydb;
+
+ /* Stack services for RPN to infix conversion. Size is num of expr bufs */
+-char *stack[EXPR_BUFFERS];
+-int tos = 0;
+-
+-void push(char * expr_ptr)
++static char **stack;
++static int stack_len;
++static int next_stack_entry;
++
++static void push(char * expr_ptr)
+ {
+- if (tos >= EXPR_BUFFERS) {
+- ERR(NULL, "Stack is full");
+- return;
++ if (next_stack_entry >= stack_len) {
++ char **new_stack = stack;
++ int new_stack_len;
++
++ if (stack_len == 0)
++ new_stack_len = 32;
++ else
++ new_stack_len = stack_len * 2;
++
++ new_stack = realloc(stack, new_stack_len * sizeof(*stack));
++ if (!new_stack) {
++ ERR(NULL, "unable to allocate space");
++ return;
++ }
++ stack_len = new_stack_len;
++ stack = new_stack;
+ }
+- stack[tos] = expr_ptr;
+- tos++;
++ stack[next_stack_entry] = expr_ptr;
++ next_stack_entry++;
+ }
+-
+-char *pop()
++
++static char *pop(void)
+ {
+- tos--;
+- if (tos < 0) {
+- ERR(NULL, "Stack is Empty");
++ next_stack_entry--;
++ if (next_stack_entry < 0) {
++ next_stack_entry = 0;
++ ERR(NULL, "pop called with no stack entries");
+ return NULL;
+ }
+- return (char *)stack[tos];
++ return stack[next_stack_entry];
+ }
+ /* End Stack services */
+
+@@ -322,6 +336,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext,
+
+ /* Original function but with buffer support */
+ for (e = constraint->expr; e; e = e->next) {
++ if (expr_counter >= EXPR_BUFFERS) {
++ ERR(NULL, "%s: expr_buf overflow", __func__);
++ return -ENOMEM;
++ }
+ /* malloc a buffer to store each expression text component */
+ expr_buf[expr_counter] = malloc(EXPR_BUF_SIZE);
+ if (!expr_buf[expr_counter]) {
+@@ -622,6 +640,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext,
+ for (x = 0; expr_buf[x] != NULL; x++) {
+ if (strncmp(expr_buf[x], "and", 3) == 0 || strncmp(expr_buf[x],
+ "or", 2) == 0) {
++ if (answer_counter >= EXPR_BUFFERS) {
++ ERR(NULL, "%s: answer_buf overflow", __func__);
++ return -ENOMEM;
++ }
+ b = pop();
+ b_len = strlen(b);
+ a = pop();
More information about the scm-commits
mailing list