commit 541cb790e1e6ce666c4deb6ebac3212f1bc8f289
Author: Eric Paris <eparis@redhat.com>
Date:   Tue Jan 8 11:42:21 2013 -0500
    start fixing stuff
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
5a38f90
index 9b42d8d..23cef4c 100644
5a38f90
--- a/libsepol/src/services.c
5a38f90
+++ b/libsepol/src/services.c
5a38f90
@@ -47,7 +47,6 @@
5a38f90
 #define REASON_BUF_SIZE 30000
5a38f90
 /* The maximum size of each malloc'd expression buffer */
5a38f90
 #define EXPR_BUF_SIZE 1000
5a38f90
-/* Number expressions in a constraint - max seen in MLS policy is 21 */
5a38f90
 #define EXPR_BUFFERS 30
5a38f90
 
5a38f90
 #include <stdlib.h>
5a38f90
@@ -79,27 +78,42 @@ static sidtab_t mysidtab, *sidtab = &mysidtab;
5a38f90
 static policydb_t mypolicydb, *policydb = &mypolicydb;
5a38f90
 
5a38f90
 /* Stack services for RPN to infix conversion. Size is num of expr bufs */
5a38f90
-char *stack[EXPR_BUFFERS];
5a38f90
-int tos = 0;
5a38f90
- 
5a38f90
-void push(char * expr_ptr)
5a38f90
+static char **stack;
5a38f90
+static int stack_len;
5a38f90
+static int next_stack_entry;
5a38f90
+
5a38f90
+static void push(char * expr_ptr)
5a38f90
 {
5a38f90
-	if (tos >= EXPR_BUFFERS) {
5a38f90
-		ERR(NULL, "Stack is full");
5a38f90
-		return;
5a38f90
+	if (next_stack_entry >= stack_len) {
5a38f90
+		char **new_stack = stack;
5a38f90
+		int new_stack_len;
5a38f90
+
5a38f90
+		if (stack_len == 0)
5a38f90
+			new_stack_len = 32;
5a38f90
+		else
5a38f90
+			new_stack_len = stack_len * 2;
5a38f90
+
5a38f90
+		new_stack = realloc(stack, new_stack_len * sizeof(*stack));
5a38f90
+		if (!new_stack) {
5a38f90
+			ERR(NULL, "unable to allocate space");
5a38f90
+			return;
5a38f90
+		}
5a38f90
+		stack_len = new_stack_len;
5a38f90
+		stack = new_stack;
5a38f90
 	}
5a38f90
-	stack[tos] = expr_ptr;
5a38f90
-	tos++;
5a38f90
+	stack[next_stack_entry] = expr_ptr;
5a38f90
+	next_stack_entry++;
5a38f90
 }
5a38f90
- 
5a38f90
-char *pop()
5a38f90
+
5a38f90
+static char *pop(void)
5a38f90
 {
5a38f90
-	tos--;
5a38f90
-	if (tos < 0) {
5a38f90
-		ERR(NULL, "Stack is Empty");
5a38f90
+	next_stack_entry--;
5a38f90
+	if (next_stack_entry < 0) {
5a38f90
+		next_stack_entry = 0;
5a38f90
+		ERR(NULL, "pop called with no stack entries");
5a38f90
 		return NULL;
5a38f90
 	}
5a38f90
-	return (char *)stack[tos];
5a38f90
+	return stack[next_stack_entry];
5a38f90
 }
5a38f90
 /* End Stack services */
5a38f90
 
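Review bot: `push()` still returns `void`, so when the `realloc` in the new growth path fails, the caller cannot tell that `expr_ptr` was never stored. The stack then falls out of step with the expressions being converted, and a later `pop()` returns the wrong operand or NULL. Returning a status would let callers abort the conversion: `static int push(char *expr_ptr)`, with `return -ENOMEM;` in the failure branch and `return 0;` at the end. The doubling `new_stack_len = stack_len * 2` is done in `int` with no upper bound before the multiply by `sizeof(*stack)`, so a cap on `stack_len` would rule out overflow. The callers of `push()` are outside this hunk and would need the matching check.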
5a38f90
@@ -322,6 +336,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext,
5a38f90
 
5a38f90
 	/* Original function but with buffer support */
5a38f90
 	for (e = constraint->expr; e; e = e->next) {
5a38f90
+		if (expr_counter >= EXPR_BUFFERS) {
5a38f90
+			ERR(NULL, "%s: expr_buf overflow", __func__);
5a38f90
+			return -ENOMEM;
5a38f90
+		}
5a38f90
 		/* malloc a buffer to store each expression text component */
5a38f90
 		expr_buf[expr_counter] = malloc(EXPR_BUF_SIZE);
5a38f90
 		if (!expr_buf[expr_counter]) {
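Review bot: The new guard `expr_counter >= EXPR_BUFFERS` lets the loop fill every slot up to index `EXPR_BUFFERS - 1`, but the scan in the next hunk, `for (x = 0; expr_buf[x] != NULL; x++)`, depends on a NULL entry after the last buffer. If `expr_buf` is declared with `EXPR_BUFFERS` elements and `expr_counter` advances once per expression (neither is visible here), a constraint with exactly 30 expressions leaves no terminator and that scan reads past the array. Using `if (expr_counter >= EXPR_BUFFERS - 1)`, or sizing the array `EXPR_BUFFERS + 1`, would keep the sentinel. As far as the hunk shows, the bare `return -ENOMEM;` also exits without freeing buffers allocated in earlier iterations, and the same applies to the `answer_buf` guard in the next hunk. The function body starts and ends outside this hunk.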
5a38f90
@@ -622,6 +640,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext,
5a38f90
 	for (x = 0; expr_buf[x] != NULL; x++) {
5a38f90
 		if (strncmp(expr_buf[x], "and", 3) == 0 || strncmp(expr_buf[x],
5a38f90
 					"or", 2) == 0) {
5a38f90
+			if (answer_counter >= EXPR_BUFFERS) {
5a38f90
+				ERR(NULL, "%s: answer_buf overflow", __func__);
5a38f90
+				return -ENOMEM;
5a38f90
+			}
5a38f90
 			b = pop();
5a38f90
 			b_len = strlen(b);
5a38f90
 			a = pop();
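Review bot: `b = pop(); b_len = strlen(b);` directly below the new guard still uses the result of `pop()` unchecked, while `pop()` as rewritten in this commit returns NULL when the stack is empty. An expression list where `and`/`or` arrives with fewer than two operands on the stack therefore reaches `strlen(NULL)`. A check such as `if (!b) return -EINVAL;` after each `pop()` would turn that into a reported error. The callers are not visible, so it is worth confirming that they treat a negative return as a failure and not as a satisfied constraint. The block continues past `a = pop();`, outside the hunk.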