On Wed, Aug 27, 2014 at 05:01:46PM -0500, Tyler Hicks wrote: > The writeu16() function was returning the address of the passed in > std::ostringstream and then the callers of that function were > incorrectly writing that address to the rule buffer. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com> (Sigh, I even wondered if the "return o" was correct and chalked it up to crazy C++ being crazy.) Thanks > --- > > Before: > > $ echo "/t { unix (connect,read,write) type=stream, }" | apparmor_parser > -qQD dfa-states > {1} <== (allow/deny/audit/quiet) > {2} (0x 4/0/0/0) > {3} (0x 4/0/0/0) > {43} (0x 46/0/0/0) > {44} (0x 46/0/0/0) > > {1} -> {2}: 0x2 > {1} -> {3}: 0x4 > {1} -> {2}: 0x7 > {1} -> {2}: 0x9 > {1} -> {2}: 0xa > {1} -> {2}: 0x20 \ > {1} -> {4}: 0x34 4 > {3} (0x 4/0/0/0) -> {5}: 0x0 > {4} -> {6}: 0x0 > {5} -> {7}: 0x1 > {6} -> {2}: 0x31 1 > {7} -> {8}: 0x30 0 > {8} -> {9}: 0x78 x > {9} -> {10}: 0x37 7 > {10} -> {11}: 0x66 f > {11} -> {12}: 0x66 f > {12} -> {13}: 0x66 f > {13} -> {14}: 0x31 1 > {14} -> {15}: 0x30 0 > {15} -> {16}: 0x34 4 > {16} -> {17}: 0x66 f > {17} -> {18}: 0x33 3 > {18} -> {19}: 0x35 5 > {19} -> {20}: 0x31 1 > {20} -> {21}: 0x38 8 > {21} -> {22}: 0x0 > {22} -> {23}: 0x1 > {23} -> {24}: 0x30 0 > {24} -> {25}: 0x78 x > {25} -> {26}: 0x37 7 > {26} -> {27}: 0x66 f > {27} -> {28}: 0x66 f > {28} -> {29}: 0x66 f > {29} -> {30}: 0x31 1 > {30} -> {31}: 0x30 0 > {31} -> {32}: 0x34 4 > {32} -> {33}: 0x66 f > {33} -> {34}: 0x33 3 > {34} -> {35}: 0x35 5 > {35} -> {36}: 0x31 1 > {36} -> {37}: 0x38 8 > {37} -> {38}: [] > {38} -> {39}: [] > {39} -> {40}: 0x0 > {39} -> {39}: [] > {40} -> {40}: 0x0 > {40} -> {41}: 0x1 > {40} -> {39}: [] > {41} -> {42}: 0x0 > {41} -> {39}: [] > {42} -> {40}: 0x0 > {42} -> {44}: 0x1 > {42} -> {43}: [] > {43} (0x 46/0/0/0) -> {40}: 0x0 > {43} (0x 46/0/0/0) -> {43}: [] > {44} (0x 46/0/0/0) -> {42}: 0x0 > {44} (0x 46/0/0/0) -> {43}: [] > > After: > > $ echo "/t { unix (connect,read,write) type=stream, }" | apparmor_parser > -qQD dfa-states > {1} <== (allow/deny/audit/quiet) > {2} (0x 4/0/0/0) > {3} (0x 4/0/0/0) > {15} (0x 46/0/0/0) > {16} (0x 46/0/0/0) > > {1} -> {2}: 0x2 > {1} -> {3}: 0x4 > {1} -> {2}: 0x7 > {1} -> {2}: 0x9 > {1} -> {2}: 0xa > {1} -> {2}: 0x20 \ > {1} -> {4}: 
0x34 4
> {3} (0x 4/0/0/0) -> {5}: 0x0
> {4} -> {6}: 0x0
> {5} -> {7}: 0x1
> {6} -> {2}: 0x31 1
> {7} -> {8}: 0x0
> {8} -> {9}: 0x1
> {9} -> {10}: []
> {10} -> {11}: []
> {11} -> {12}: 0x0
> {11} -> {11}: []
> {12} -> {12}: 0x0
> {12} -> {13}: 0x1
> {12} -> {11}: []
> {13} -> {14}: 0x0
> {13} -> {11}: []
> {14} -> {12}: 0x0
> {14} -> {16}: 0x1
> {14} -> {15}: []
> {15} (0x 46/0/0/0) -> {12}: 0x0
> {15} (0x 46/0/0/0) -> {15}: []
> {16} (0x 46/0/0/0) -> {14}: 0x0
> {16} (0x 46/0/0/0) -> {15}: []
>
> parser/af_unix.cc | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/parser/af_unix.cc b/parser/af_unix.cc
> index 7f6c0d0..51e986f 100644
> --- a/parser/af_unix.cc
> +++ b/parser/af_unix.cc
> @@ -189,7 +189,7 @@ static void warn_once(const char *name)
> warn_once(name, "extended network unix socket rules not enforced");
> }
>
> -std::ostringstream &writeu16(std::ostringstream &o, int v)
> +static void writeu16(std::ostringstream &o, int v)
> {
> u16 tmp = htobe16((u16) v);
> u8 *byte1 = (u8 *)&tmp;
> @@ -197,7 +197,6 @@ std::ostringstream &writeu16(std::ostringstream &o, int v)
>
> o << "\\x" << std::setfill('0') << std::setw(2) << std::hex <<
> static_cast<unsigned int>(*byte1);
> o << "\\x" << std::setfill('0') << std::setw(2) << std::hex <<
> static_cast<unsigned int>(*byte2);
> - return o;
> }
>
> #define CMD_ADDR 1
> @@ -256,13 +255,13 @@ int unix_rule::gen_policy_re(Profile &prof)
>
>
> buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex <<
> AA_CLASS_NET;
> - buffer << writeu16(buffer, AF_UNIX);
> + writeu16(buffer, AF_UNIX);
> if (sock_type)
> - buffer << writeu16(buffer, sock_type_n);
> + writeu16(buffer, sock_type_n);
> else
> buffer << "..";
> if (proto)
> - buffer << writeu16(buffer, proto_n);
> + writeu16(buffer, proto_n);
> else
> buffer << "..";
>
> --
> 2.1.0
>
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
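Review bot: The `(u16) v` cast in writeu16() silently truncates its `int` argument, so a value outside 0..0xffff would be encoded as a different 16-bit number and the compiled rule would match something other than what the policy author wrote. The callers in the third hunk pass `sock_type_n` and `proto_n` with no range check visible in this diff. A guard such as `if (v < 0 || v > 0xffff)` ahead of the cast, failing the compile instead of emitting bytes, would rule that out; how the error is reported depends on code outside the hunk. The body of writeu16() continues in the next hunk.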
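Review bot: `std::hex` and `std::setfill('0')` stay set on `o` after writeu16() returns, because both are sticky stream state and only `std::setw` resets itself. Callers keep writing to the same rule buffer after the call, so any integer inserted later would come out in hex with zero padding; nothing in the visible lines does that, which makes this a latent hazard and not a present bug. Saving and restoring the state would contain it: `const std::ios_base::fmtflags saved = o.flags();` at the top and `o.flags(saved);` before the closing brace, with the fill character handled the same way through `o.fill()`. The start of the function is in the previous hunk.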
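Review bot: The byte layout that gen_policy_re() emits in these lines has no comment describing it, so a reader cannot tell from the code what a correct rule prefix looks like. A comment above the first `buffer <<` would help, for example `/* class byte, then big-endian u16 family, socket type, protocol; ".." stands in for an unspecified two-byte field */`; the meaning of `..` is inferred from the two else branches and should be confirmed. The before/after `dfa-states` dumps in the commit message would also serve as a regression check, since the stray address visibly changes the number of states. gen_policy_re() starts and ends outside this hunk.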