commit 541cb790e1e6ce666c4deb6ebac3212f1bc8f289 Author: Eric Paris Date: Tue Jan 8 11:42:21 2013 -0500 start fixing stuff diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 9b42d8d..23cef4c 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -47,7 +47,6 @@ #define REASON_BUF_SIZE 30000 /* The maximum size of each malloc'd expression buffer */ #define EXPR_BUF_SIZE 1000 -/* Number expressions in a constraint - max seen in MLS policy is 21 */ #define EXPR_BUFFERS 30 #include @@ -79,27 +78,42 @@ static sidtab_t mysidtab, *sidtab = &mysidtab; static policydb_t mypolicydb, *policydb = &mypolicydb; /* Stack services for RPN to infix conversion. Size is num of expr bufs */ -char *stack[EXPR_BUFFERS]; -int tos = 0; - -void push(char * expr_ptr) +static char **stack; +static int stack_len; +static int next_stack_entry; + +static void push(char * expr_ptr) { - if (tos >= EXPR_BUFFERS) { - ERR(NULL, "Stack is full"); - return; + if (next_stack_entry >= stack_len) { + char **new_stack = stack; + int new_stack_len; + + if (stack_len == 0) + new_stack_len = 32; + else + new_stack_len = stack_len * 2; + + new_stack = realloc(stack, new_stack_len * sizeof(*stack)); + if (!new_stack) { + ERR(NULL, "unable to allocate space"); + return; + } + stack_len = new_stack_len; + stack = new_stack; } - stack[tos] = expr_ptr; - tos++; + stack[next_stack_entry] = expr_ptr; + next_stack_entry++; } - -char *pop() + +static char *pop(void) { - tos--; - if (tos < 0) { - ERR(NULL, "Stack is Empty"); + next_stack_entry--; + if (next_stack_entry < 0) { + next_stack_entry = 0; + ERR(NULL, "pop called with no stack entries"); return NULL; } - return (char *)stack[tos]; + return stack[next_stack_entry]; } /* End Stack services */ @@ -322,6 +336,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext, /* Original function but with buffer support */ for (e = constraint->expr; e; e = e->next) { + if (expr_counter >= EXPR_BUFFERS) { + ERR(NULL, "%s: expr_buf overflow", __func__); + return -ENOMEM; + } /* malloc a buffer to store each expression text component */ expr_buf[expr_counter] = malloc(EXPR_BUF_SIZE); if (!expr_buf[expr_counter]) { @@ -622,6 +640,10 @@ static int constraint_expr_eval_reason(context_struct_t * scontext, for (x = 0; expr_buf[x] != NULL; x++) { if (strncmp(expr_buf[x], "and", 3) == 0 || strncmp(expr_buf[x], "or", 2) == 0) { + if (answer_counter >= EXPR_BUFFERS) { + ERR(NULL, "%s: answer_buf overflow", __func__); + return -ENOMEM; + } b = pop(); b_len = strlen(b); a = pop();